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Well-known principles of induction include monotone induction and different sorts of non- 
monotone induction such as inflationary induction, induction over well-founded sets and iterated 
induction. In this work, we define a logic formalizing induction over well-founded sets and mono- 
tone and iterated induction. Just as the principle of positive induction has been formalized in 
FO(LFP), and the principle of inflationary induction has been formalized in FO(IFP), this paper 
formalizes the principle of iterated induction in a new logic for Non-Monotone Inductive Defini- 
tions (ID-logic). The semantics of the logic is strongly influenced by the well-founded semantics 
of logic programming. 

Our main result concerns the modularity properties of inductive definitions in ID-logic. Specif- 
ically, we formulate conditions under which a simultaneous definition A of several relations is 
logically equivalent to a conjunction of smaller definitions Ai A • ■ • A A„ with disjoint sets of 
defined predicates. The difficulty of the result comes from the fact that predicates Pi and Pj 
defined in A; and Aj, respectively, may be mutually connected by simultaneous induction. Since 
logic programming and abductive logic programming under well-founded semantics are proper 
fragments of our logic, our modularity results are applicable there as well. 



Categories and Subject Descriptors: ... [... 



1. INTRODUCTION 

This paper fits into a broad project aiming at studying general forms of inductive 
definitions and their role in diverse fields of mathematics and computer science. 
Monotone inductive definitions and inductive definability have been studied exten- 
sively in mathematical logic [Moschovakis 1974a; Aczel 1977]. The algebraic foun- 
dations for monotone induction are laid by Tarski's fixpoint theory of monotone 
lattice operators [Tarski 1955]. The notion of inductive definition is the under- 
lying concept in fixpoint logics [Gurevich and Shelah 1986; Dawar and Gurevich 
2002] which found its applications in e.g. database theory [Abiteboul et al. 1995] 
and descriptive complexity theory [Immerman 1999; Ebbinghaus and Flum 1999]. 
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Logics with fixpoint constructs to represent (monotone) inductive and co-inductive 
definitions play a central role as query and specification languages in the area of 
verification of dynamic systems using modal temporal loics such as the /i-calculus 
[Kozen 1983]. Induction axioms have been used succesfully in the context of prov- 
ing properties of protocols using specialised automated reasoning tools [Paulson 
1998]. The concept of definitions and definitional knowledge is also fundamental 
in the area of description logics [Brachman and Levesque 1982], the class of logics 
that evolved out of semantic networks. Importantly, complexity results in fixpoint 
logic and logic programming suggest that inductive definitions often combine high 
expressivity with low complexity. Thus, it appears that the notion of definition and 
its inductive generalisations emerges as a unifying theme in many areas of math- 
ematics and computational logic. Hence, its study could improve insight in the 
interrelations between these areas and lead to synergy between them. 

In this paper, we are concerned with non- monotone inductive definitions. A 
familiar example of a non-monotone inductive definition is the definition of the 
satisfaction relation \= between a truth assignment / and a formula. In case of 
prepositional logic, this relation is defined by induction over the subformula order 
on formulas: 

- I\=pifpGl, 

- I \= tp A (j) if I ^ ip and I \= (I), 

- I \=^pV (j)if I \=ip 01 1 ^ (j), 

- I \=^'il; if I ^tp. 

This inductive definition is non-monotone because of its last rule, which adds the 

pair {I,^tjj) to the truth relation if the pair {I,ip) docs not belong to it. This is 
an example of an inductive definition over a well-founded order. Recently, the au- 
thors of [Denecker 1998; Denecker et al. 2001a] investigated certain non-monotone 
forms of inductive definitions in mathematics and pointed out that semantical stud- 
ies in the area of logic programming might contribute to a better understanding 
of such generalised forms of induction. In particular, it was argued that the well- 
foimdcd semantics of logic programming [Van Gcldcr ct al. 1991] extends monotone 
induction and formalises and generalises non-monotone forms of induction such as 
induction over well-founded sets and iterated induction [Feferman 1970; Buchholz 
et al. 1981]. In [Denecker ct al. 2000; Denecker ct al. 2004], the well-founded seman- 
tics was further generalised into a fixpoint theory of general non-monotone lattice 
operators. This theory, called approximation theory, generalises Tarski's theory of 
fixpoints of monotone lattice operators and provides the algebraic foundation of 
the principle of iterated induction. Later, it turned out that the same principle 
is fundamental in an area of artificial intelligence concerned with using logic for 
knowledge representation — non-monotonic rcasoning-'^. In particular, [Denecker 
et al. 2000; Denecker et al. 2003] demonstrated that the semantics of three major 

^The term "non- monotone" has a different meaning in the context of inductive definitions than 
in the context of non-monotone reasoning. A logic is non-monotone when adding formulas to a 

theory may not preserve inferred formulas. A monotone definition is one inducing a monotone 
operator. In fact, the fragment of monotone inductive definitions in ID-logic is a non-monotone 
logic. 
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approaches to non-monotonic reasoning, default logic [Reiter 1980], autoepistemic 
logic [Moore 1985] and logic programming [Lloyd 1987] are described by approxi- 
mation theory. Thus, generalised inductive definitions also play a fundamental role 
in the semantics of knowledge representation formalisms. 

In a seminal paper on knowledge representation, Brachman and Levesque [Brach- 
man and Levesque 1982] had observed that definitional knowledge is an important 
component of human expert knowledge. Motivated by this work, the author of 
[Denecker 2000] extended classical logic with non-monotone inductive definitions in 
order to demonstrate that general non-monotone inductive forms of definitions also 
play an important role in knowledge representation. In this paper, we extend this 
work. The contributions of the paper are the following: 

— We formalize the principle of iterated induction in a new logic for Non-Monotone 
Inductive Definitions (ID-logic). This logic is an extension of classical logic with 
non-monotone inductive definitions, and is a generalisation of the logic that was 
defined in [Denecker 2000]. 

— We demonstrate that different classes of definitions can be correctly and unifor- 
mally formalised in our logic. To achieve this goal, we present an alternative 
formalisation of these classes in classical first- or second-order logic, and provide 
an equivalence-preserving transformation from ID-logic to these formalisations. 

— We study modularity properties of non- monotone inductive definitions in ID-logic 
and provide a set of techniques that allow one to break up a big definition into 
a conjunction of smaller and simpler definitions. 

The main result of the paper is a set of formal conditions that guarantee that a 
simultaneous definition of several predicates can be split up into the conjunction of 
components of this definition, each component defining some subset of the defined 
predicates. In addition, our theorems provide conditions under which joining a set 
of definitions for distinct sets of predicates into one simultaneous definition of all 
these predicates is equivalence preserving. The problem that we study is similar to 
that studied in [Verbaeten et al. 2000], but our results are uniformally stronger in 
the sense that they are proven for a more expressive logic and under more general 
conditions. 

The results are important because modularity is a crucial property in formal veri- 
fication and knowledge representation [Reichgelt 1991]. For example, it is important 
to be able to specify a complex synamic system by describing its components in 
independent modules which can then be conjoined to form a correct description of 
the complete system. Thus, the operation of joining modules should preserve the 
correctness of the component modules. The dual operation of splitting a complex 
theory into an equivalent set of smaller modules is equally important. It allows one 
to investigate complex theories by studying its modules independently, and reduces 
the analysis of the correctness of the complex theory to the much simpler problem 
of analysing the correctness of its modules. 

The paper is structured as follows. In Section 2, we discuss various forms of 
induction and their formalisations. This discussion provides the intuitions and the 
motivation for defining the new logic. Section 3.1 introduces some preliminaries 
from logic and lattice theory. In section 4, we extend classical logic with the gen- 
eralised non- monotone definitions. In section 6, the modularity of the definition 
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expressions is investigated. In section 7, we present equivalence-preserving trans- 
formations from ID-logic to first-order and second-order logic for different familiar 

types of definitions. Here, the modularity techniques developed in the previous 
section arc used as a tool to prove correctness of the transformations. 

2. FORMAL STUDY OF INDUCTIVE DEFINITIONS 

Mathematical induction refers to a class of effective construction techniques used 
in mathematics. There, a set is frequently defined as the limit of a process of 
iterating some operation. Often, mathematicians describe such a construction by 
an inductive definition. The core of an inductive definition in mathematics consists 
of one or more basic rules and a set of inductive rules. Basic rules represent base 
cases of the induction and add elements to the defined set in an unconditional way: 
inductive rules add new elements to the set if one can establish the presence or the 
absence of other elements in the set. The defined set is obtained as the limit of 
some process of iterated application of these rules. 

In this section, we discuss various forms of such inductive definitions and how 
they are formalised. Then we motivate and preview a new formal logic of definitions. 
The section is partially based on ideas presented earlier in [Denecker 1998; Denecker 
et al. 2001a]. 

2.1 Monotone Inductive Definitions. 

In a monotone inductive definition, the presence of new elements in the set depends 
only on the presence of other elements in the defined set, not on the absence of those. 
The defined set is the least set closed under application of the rules. Such definitions 
arc frequent in mathematics. A standard example is the transitive closure of a 
directed graph: 

The transitive closure Tq of a directed graph G is inductively defined as 
the set of edges (x, y) satisfying the following rules: 
-(.T,y)eTGif {x,y)GG; 

— (x, y) e Tg if for some vertex z, (x, z), (z, y) S Tq- 

Other typical examples are the the definition of a subgroup generated by a set of 
group elements, or the definitions of a term, formula, etc. in logic. 

Monotone inductive definitions have been studied extensively in mathematics 
[Moschovakis 1974a; Aczcl 1977]. In [Moschovakis 1974a], such a definition is asso- 
ciated with a formula (p{x,X). Intuitively, this formula encodes all the conditions 
under which tuple x belongs to the defined predicate X. The formula (p{x, X) must 
be positive in X, that is no occurrence of X may appear in the scope of an odd 
number of occurrences of the negation symbol For instance, for the transitive 
closure example above we have: 

^trans 

{{x, y),TG) := G{x, y) V 3z{Tg{x, z) A Tg{z, y)). 

Each disjunct in this formula formally expresses the condition of one of the rules 
in the informal definition. 

Given a structure / which interprets all constant symbols, the formula ip{x, X) 
characterises an operator r^(^ x) mapping a relation R to the relation R' consisting 
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of tuples a such that (p{a, R) is true in /. In general, r^(j ) may have multiple 
fixpoints, but the fact that (p{x, X) is a positive formula implies that the operator 
is monotone and has a least fixpoint, which is the relation inductively defined by 
(p{x,X). A logic to represent monotone inductive definitions is the least fixpoint 
logic FO(LFP) (see, e.g. [Ebbinghaus and Flum 1999]). 

2.2 Inductive Definitions over a Weil-Founded Order. 

In a non-monotone inductive definition, the presence of new elements in the set 

depends on the absence of certain elements in the defined set. An example of such 
a definition is the definition of the truth relation given in the introduction. Let us 
consider another definition with a similar structure. 

The set of even numbers is defined by induction over the standard order 

< on the natural numbers: 
— is an even number; 

— n -j- 1 is an even number if n is not an even number. 

The definitions of even numbers and of \= are examples of inductive definitions over 
well-founded orders. Such a definition describes the membership of an element in 
the defined relation in terms of the presence or absence of elements in the defined 
relation that are strictly smaller with respect to some well-founded (pre-)ordcr. By 
applying this definition to the minimal elements and then iterating it for higher 
levels, the defined predicate can be constructed, even if some inductive rules are 
non-monotone. This type of inductive definitions is fundamentally different from 
monotone inductive definitions. Indeed, the set defined by a monotone inductive 
definition can be characterised as the least set closed under the rules. In contrast, a 
definition over a well-founded order does not characterise a unique least set closed 
under its rules. For instance, {0, 2, 4, 6, ... } and {0, 1, 3, 5, 7, ... } are both minimal 
sets closed under the above rules. 

Using the same representation methodology to represent this inductive definition 
as in the monotonic case, we would obtain the formula 

ife^enix, E) '.^ X = V 3y{x = S {y) A -£^(2/)). 

In the context of the natural numbers, the operator characterised by this formula 
is non-monotone and maps any set S of natural numbers to the set consisting of 
and all successors of all numbers in the complement of S. This is a non-monotone 
operator which has the set of even numbers as unique fixpoint. In general, the 
set defined by this type of inductive definitions can be characterised as the unique 
fixpoint of the operator associated to the definition. This will be formalised in 
section 7. 

Other examples of non-monotone inductive definitions over well-founded orders 
are given in [Dencc;kcr et al. 2001a]. They include a definition of the concept of 
a rank of an clement in a well-founded set (the rank of an element x is the least 
ordinal strictly larger than the rank of all y < x), and a definition of the levels of 
a monotone operator in the least fixpoint construction. Although induction over 
a well-founded set is a common principle in mathematics, to our knowledge it has 
not been studied explicitly in mathematical logic. However, we will argue below 
that it can be seen as a simple form of iterated induction. 
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2.3 Inflationary Induction. 

In order to extend his theory of inductive definitions to the class of all defini- 
tions (monotone and non- monotone), Moschovakis [Moschovakis 1974b] proposed 
the following approach. The idea is to associate with an arbitrary formula (fi{x, X) 
(possibly non-positive) the operator T'^^- where 

rUs,x)(i?) :=r^(s,x)(i?)ui?. 

Operator T'^j-- is not monotone, but it is inflationary, that is, for every R, 
R C r^^g Thus, by iterating this operator starting at the empty relation, 

an ascending sequence can be constructed. This sequence eventually reaches a 
fixpoint of r^(gx)- This fixpoint was later called the inflationary fixpoint, and 
the corresponding logic FO(IFP) was introduced [Gurevich and Shelah 1986]. This 
logic introduces infiationary, and its dual, deflationary, fixpoint constructs. The 
inflationary fixpoint logic played an important role in descriptive complexity theory 
and has been used to characterize the complexity class PTIME [Immerman 1986; 
Livchak 1983; Vardi 1982]. 

Inflationary induction and induction over a well-founded order are two difi^erent 
principles. Consider, for example, the definition of the even numbers presented 
above. The formula (pcvcn is a natural representation of this definition. However, 
the inflationary fixpoint [lFPx,E'Pcven]t is the set of all natural numbers. Indeed, 
0urA„,„ (0) = N and NUTa,,,,, (N) = N. Even though it is possible to write down a 
definition of the even numbers using inflationary fixpoints, such an encoding would 
be neither natural nor direct. It would not reflect the way in which mathematicians 
express induction over a well-founded order. Since our goal is to formalise the latter 
sort of induction in a way that reflects the natural rule-based structure in which 
mathematicians represent such definitions, this paper will not be concerned with 
inflationary fixpoints. For examples where inflationary and deflationary inductions 
naturally appear, we address the reader to the work by Gradel and Kreutzer [Gradel 
and Kreutzer 2003]. 

2.4 Iterated Inductive Induction. 

The basic idea underlying induction is to iterate a basic construction step until 
a fixpoint is reached. In an iterated induction, this basic construction step itself 
is a monotone induction. That is, an iterated inductive definition constructs an 
object as the limit of a sequence of constructive steps, each of which itself is a 
monotone induction. One can formulate the intuition of the iterated induction 
of a structure also in the following way. Given a mathematical structure Mq of 
functions and relations, a positive or monotone inductive definition defines one or 
more new relations in terms of Mq . The definition of these new relations may depend 
positively or negatively on the relations given in Mq. Once the interpretation of 
the new relations is fixed, Mq can be extended with these, yielding a new extended 
structure Mi. On top of this structure, again new relations may be defined in the 
similar way as before. The definition of these new predicates may now depend 
positively or negatively on the relations that were defined in Mi. This modular 
principle can be iterated arbitrarily often, possibly a transfinite number of times. 
We call this informal principle the principle of Iterated Induction. In general, an 
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iterated inductive definition must describe, in a finite way, a possibly transfinite 
sequence of monotone or positive definitions of sets. If the definition of a set 
depends (positively or negatively) on another defined set, then this other set must 
be defined in an earlier definition in this sequence. 

An example of an iterated inductive definition mentioned in [Denecker et al. 
2001a] is the definition of the stable theory of some prepositional theory T. Basically, 
this is the standard concept of deductive closure of a propositional theory T under 
a standard set of inference rules augmented with two additional inference rules: 

±iL and 

Note that the second rule is non-monotone. The stable theory of T is a deduc- 
tively closed modal theory which contains explicit formulas representing whether T 
"knows" a formula ■0 or not. It can be viewed as the set of formulas known by an 
ideally rational agent with perfect introspection whose base beliefs are represented 
byT. 

Let us consider this induction process in more detail. We define the modal nesting 
depth of a formula F as the length n of the longest sequence {KFi,KF2, . . . , KFn) 
such that F contains KFi and Fi contains KFi+i for each 1 <i < n. The start of 
the iterated induction is a monotone induction closing T under the propositional 
logic inference rules. This yields a deductively closed set Tq of propositional for- 
mulas of modal nesting depth 0. Next we apply the two modal inference rules to 
infer modal literals K-:l> or -^Kip, for each propositional formula tp. After comput- 
ing these literals, we reapply the first step and derive, using the standard inference 
rules, all logical consequences with modal nesting depth being less or equal to 1. 
This process can now be iterated for formulas with increasing modal nesting depth. 
The result of this construction process is the stable theory of T and contains for- 
mulas of arbitrary modal nesting depth. It was shown in [Marek 1989] that the 
stable theory of T is exactly the collection of all modal formulas that are true in 
the possible world set W consisting of all models of T. More precisely, it holds that 
the stable theory of T is the set of all modal formulas F such that for the collection 
W of models of T and for each model M eW,it holds that W, M \= F. 

Iterated Induction is a generalisation of monotone induction. It is also related 
to induction over a well-founded order. The link is seen if we split up a definition 
of the latter kind in an infinite number of definitions, each defining a single ground 
atom, and ordering or stratifying^ these definitions in a sequence compatible with 
the well-ordering. For example, even numbers could be defined by the following 
iterated definition: 

(0) is even 

(1) 1 is even if is not even 

(2) 2 is even if 1 is not even 

(n + 1) n + 1 is even if n is not even 



■^This stratification corresponds to the notion of local stratification in logic programming [Przy- 
musinski 1988]. 
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Clearly, the iterated induction described here constructs the set of even numbers. 
We can thus view an inductive definition in a well-founded set as an iterated induc- 
tive definition consisting of a sequence of non-inductive (recursion-free) definitions. 
Iterated induction is more general than induction over a well-founded set because 
positive recursion within one level may be involved (as illustrated by the stable 
theory example). 

The logical study of iterated induction was started in [Kreisel 1963] and extended 
in later studies of so-called Iterated Inductive Definitions (IID) in [Feferman 1970], 
[Martin-L6f 1971], and [Buchholz et al. 1981]. The IID formalism defined in [Fefer- 
man 1970; Buchholz et al. 1981] is a formalism to define sets of natural numbers 
through iterated induction. To represent an iterated inductive definition of a set 
H , one associates with each natural number an appropriate level index, an ordinal 
number. This level index can be understood as the index of the subdefinition which 
determines whether the number belongs to the defined set or not. The iterated in- 
ductive definition is described by a finite parametrised formula (p{n, x, P, H), where 
n represents a level index, x is a natural number, P is a unary predicate variable 
with only positive occurrences in and ranging over natural numbers, and H is 
the defined relation represented as a binary predicate ranging over tuples (n, x) of 
natural numbers x and their level indices n. The formula ip{n, x, P, H) encodes that 
n is the level index of x, and x can be derived (using the inductive definition with 
level index n) from the set P and the restriction of H to tuples with level index 
< n. Using ip, the set H is characterised by two axioms. The first one expresses 
that H is closed under ^p■. 

yn\/x {ip{P{a)/H{n,a)) H{n,x)). 

In this formula, ip{P{a) / H{n, a)) (where a is an arbitrary term) denotes the formula 

obtained from (p by substituting H{n,a) for each expression P(cr). 

The second axiom is a second-order axiom expressing that for each n, the subset 
{x I (n, x) e H} of N is the least set of natural numbers closed under (p: 

\/nyP [Va; {ip P{x)) Vx {H{n,x) P{x))]. 

As an example, let us encode the non-monotone definition of even numbers in the 
IID-formalism. It is a definition by induction on the standard order of natural 
numbers which means that we can take a natural number and its level index to be 
identical. The formula (fi to be inserted in the axioms above is^: 

(n = A a; = 0) V 3y{n = s{y) Ax = s{y) A -'H{y, y) Ay < n). 

This formula represents that {n,x) can be derived if x and its level index n are 
identical and if a; = or if the predecessor of x is not even. 

2.5 A Preview of ID-Logic 

In this paper, wc design a logic for formalising several forms of inductive definitions. 
Just as the principle of Monotone Induction has been formalised in FO(LFP), the 
principle of Inflationary Induction has been formalized in FO(IFP), the principles 

■^The formula doesn't contain the predicate variable P because this is a definition over a well- 
founded order which does not involve monotone induction. 
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of Induction over a well-founded order and Iterated Induction are captured by our 
logic. We call it a Logic for Non- Monotone Inductive Definitions (ID-logic). 

The logic is designed as an extcntion of classical logic with definitions. A defini- 
tion will be represented as a set of rules of the form: 

Vi(P(5) <- ip), 

where P is a relational symbol defined by the definition, and ip an arbitrary first- 
order formula. For example, the non-monotone definition of even numbers will be 
represented by the set: 

r yx{E{x) ^x^O), \ 
[ ME{six)) ^ ^E{x)) / ■ 

Prom a representational point of view, this syntax has some interesting features: 

— Rule-based representation. Formalisations of definitions in ID-logic preserve 
the rulc-bascd structure of definitions in mathematics. Stated differently, rules 
in a mathematical definition can be formalised in a modular way by definitional 
rules in an our logic. 

— Uniform formalisation of different types of definitions. Syntax and se- 
mantics of ID-logic is designed for uniform formalisation of non-inductive (recTirsion- 
free) definitions, positive or monotone inductive definitions, definitions over well- 
founded sets and iterated inductive definitions. 

— No explicit level mapping. A model of an ID-logic definition is constructed 
following the natural dependency order on defined atoms that is induced by the 
rules. As a consequence, and contrary to the IID-formalism of the previous 
section, there is no need to explicitly represent a level mapping of an iterated 
inductive definition. 

— Simultaneous induction. Consider for example the following simultaneous 
inductive definition of even and odd numbers: 

yx{E{x) ^ X = 0), ] 
ME{s{x)) ^ 0{x)), \ . 
Va;(0(s(a;)) ^ E{x)) J 

— A logic with second-order variables. ID-logic allows second-order variables 
and quantification. As an example, consider the following sentence of ID-logic: 

^^^\ Va;(P(s(a;)) ^ P(a;)) j ^ 

This axiom, stating that the least set P containing and closed under the suc- 
cessor operation contains all domain elements, is an ID-logic formalisation of the 
second-order induction axiom of the natural numbers. 

The main differences between ID-logic and the IID-formalism of Section 2.4 are its 
rule-based nature and the absence of an explicit encoding of a level mapping. The 
rules of an inductive definition induce an implicit dependency order on the defined 
atoms. For example, in the definition of even numbers, the rule Vx{E{s{x)) <— 
-'E{x)) induces a dependency of each atom i?[n-|- 1] on the atom E[n]. Notice that 
the transitive closure of this dependency relation corresponds with the standard 

ACM Transactions on Computational Logic, Vol. V, No. N, February 2008. 



10 • Marc Denecker and Eugenia Ternovska 

order of the natural numbers, the well-founded order over which the set of even 
numbers is defined by this definition. This suggests that the encoding of the level 
mapping in the IID-formalism only adds redundant information to the definition. 

In ID-logic, the construction of the model of a definition proceeds by following 
the implicit dependency order that is induced by the rules. The technique to do this 
was developed in logic programming. In [Denecker 1998; Dcncckcr ct al. 2001a], 
Denecker proposed the thesis that the well-founded semantics of logic programming 
[Van Gelder et al. 1991] provides a general and robust formalization of the principle 
of iterated induction. In Section 4, wc recall this argument and show how the 
construction of the well-founded model can be seen as an iterated induction which 
follows the natural dependency order induced by the rules. 

3. PRELIMINARIES 

3.1 Preliminaries from Logic 

We begin by fixing notation and terminology for the basic syntactic and semantic 

notions related to first- and second-order logic. 

Wc assume an infinite supply of distinct symbols, which are classified as follows: 

1. Logical symbols: 

a) Parentheses: (,); 

b) Logical connectives: A, 

c) Existential quantifier: 3; 

d) Binary equality symbol: = (optional); 

e) Two propositional symbols: t and f . 

2. Non-logical symbols: 

a) countably many object symbols. Object symbols are denoted by low-case 
letters; 

b) for each positive integer n > 0, countably many n-ary function symbols of 
arity n. Function symbols are denoted by low-case letters; 

c) for each positive integer n, countably many n-ary relation symbols, also called 
predicate or set symbols of arity n. We use upper-case letters to denote pred- 
icates. 

As usual, wc identify object symbols with 0-ary function symbols and propositional 
symbols with predicate symbols of arity 0. 

Remark 3.1. In most parts of this paper, we do not make a formal distinction 
between variable and constant symbols. Symbols occurring free in a formula can be 
viewed as constants; symbols in the scope of a quantifier can be vicnved as variables. 
In examples, we tend to quantify over x, y, X, Y, and leave c, g, f and P, Q free 
and treat them as constants. 

We define a vocabulary as any set of non-logical symbols. We denote vocabularies 

by T, rX, We shall denote the set of function symbols of r by rfn, and we use 

cr, (Ti, (72 etc., to refer to an arbitrary symbol of the vocabulary. We write a to 
denote a sequence of symbols (ai, (J2, . . . ) or, depending on the context, simply the 
set of symbols {(Ti,a2, . . . }. Likewise, X denotes a sequence or a set of relational 
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symbols (i.e, set variables or constants), and x is used to denote a sequence or a 
set of object symbols, etc.. 

A term is defined inductively as follows: 

- an object symbol is a term; 

- if ii, . . . , i„ are terms and / is an n-ary function symbol, where n > 1, then 

. . . ,tn) is a term. 

A formula is defined by the following induction: 

- if P is an n-ary predicate constant or variable, and ti,. . . ,tn are terms then 
P{ti, . . . ,tn) is a formula, called an atomic formula or simply an atom; 

- if (f>, ip arc formulas, then so arc -^({), (f) A ij); 

- if a; is an object symbol, / a function symbol, X is a predicate symbol and (f) is 
a formula, then 3x (j), 3/ and 3X cj) are formulas. 

A bounded occurrence of symbol cr in formula (j) is an occurrence of tr in a 

subformula 3(j^ of (j). A free occurrence of in is an unbounded occurrence. 
The set of symbols which occur free in is denoted /ree (</)). This set can also be 
defined inductively: 

- If is atomic, say of the form A{ti, . . . ,tn) then the set free{^) is the set of all 
object, relational and functional symbols occurring in 0; 

- free{^(p) := free{(p) ; 

- free{(j) Alp) := free{(p) U free{tp); 

- free{3a 4>) := free{4>) \ {a}. 

A relation symbol X has a negative (positive) occurrence in formula F li X has a 
free occurrence in the scope of an odd (even) number of occurrences of the negation 
symbol -i. 

A formula (f) is a. formula over vocabulary r if its free symbols belong to r 

{free{(p) C r). Wc use SO[t] to denote the set of all formulas over r; and we 
use FO[t] to denote the set of first-order formulas over t, that is those without 
quantified predicate or function variables. 

Wc use {(p V ijj), {cp D {(p ^ ijj), Va; (p, V/ (p and VX (p, in the standard way, 
as abbreviations for the formulas ^{^(p ^ ~'V')) ^ ~'V')) ^ ~'V') ^ ~'(V' ^ ""/*)) 
-i3x {-^(p), -^3f {-^(p), -'3X {-'(p), respectively. 

Having defined the basic syntactic concepts, we define the semantic concepts. 
Let A be a nonempty set. A value for an n-ary relation (function) symbol a of 
vocabulary r in A is an n-ary relation (function) in A. A value for a 0-ary function 
symbol, i.e., an object constant or variable, is an element of the domain A. A value 
for a 0-ary relation symbol Y is either or {()}, the singleton of the empty tuple. 
We identify these two values with false, respectively true. The value of the equality 
symbol is always the identity relation on A. The value of t is {()} (true) and the 
value of f is (false). 

A structure I for a given vocabulary r (in short, a r-structure) is a tuple of a 
domain dom{I), which is a non-empty set, and a mapping of each symbol a in r to 
a value in dom{I). If cr G r and 7 is a r-structure, we say that / interprets u. 

ACM Transactions on Computational Logic, Vol. V, No. N, February 2008. 



12 • Marc Denecker and Eugenia Ternovska 



We also use letters J, K, L, M to denote structures. Given I, n denotes the set 
of symbols interpreted by I. 

Let us introduce notation for constructing and modifying structures with a shared 
domain A. Let / be a r-structure, and a be a tuple of symbols not necessarily in 
T. Structure I[a : u] is a r U a-structure, which is the same as /, except symbols a 
are interpreted by values v in dom{I). Given a r-structure / and a sub- vocabulary 
t' ^T, the restriction of / to the symbols of r' is denoted 

Let t be a term, and let / be a structure interpreting each symbol in t. We define 
the denotation t^ of t under I by the usual induction: 

- if t is an object symbol cr, then is ct^, the value of cr in I; 

- if f = /(ti,..,t„), thent^ -.^ f{t{..,ti). 

Next we define the satisfaction or truth relation |=. Let / be a structure and let 
be a formula such that each free symbol in cf) is interpreted by /. We define I \= (t> 
(in words, (j) is true in I, or / satisfies (j)) by the following standard induction: 

- i^x{tr,..,tn)\i{tl..,ti)ex' ■ 

- / 1= 3(7 V if for some value u of a in the domain dom{I) of /, I[a : v] V'- 

Note that the truth of a formula (f) is only well-defined in a structure interpreting 
each free symbol of (/). We shall denote the truth value of in / by (j)^ , i.e., \i I \= (j) 
then (f)^ is true ({()}) and otherwise, it is false (0). 

Sometimes, we wish to investigate the truth value of a formula (j) as & function 
of the values assigned to a specific tuple of symbols a. We then call these symbols 
the parameters of (j) and denote the formula by 4'{a-). Let I be some structure and 
let t; be a tuple of values for a in the domain dom{I). We often write J |= to 
denote /[a -.v] |= 

Let X be an n-ary relation symbol and d be an n-tuple of elements of some 
domain A. We define a domain atom in A &s X[d\. For / a structure with domain 
A, the value of X[d\ in / is true if d € X^; otherwise it is false. For a vocabulary 
r, we define At^ as the set of all domain atoms in domain A over relation symbols 
in T. 

Suppose we are given a structure / with domain dom{I), a tuple S of n variables 
and a first-order formula (p{x) such that all its free symbols not in x are interpreted 
by /. The relation defined by (j){x) in the structure I is defined as follows: 

i? := {a I J ^ (j)[a], d € (dom(/))"}. 

We call R first-order definable in I. In this paper, we study inductive and non- 
monotone inductive definability. In this context, defined relations are not, in gen- 
eral, first-order definable. 

3.2 Preliminaries from Set and Lattice Theories 

3.2.1 Orders, Lattices, operators and fixpoints. A pre-ordered set is a structured 
set {W, <), where W is an arbitrary set and < is a pre-order on W, i.e., a reflexive 
and transitive binary relation. As usual, a; < y is a shorthand foTc x < y Ay ^ x. 
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A pre-well-founded set is a pre-ordered set where < is a pre-order such that every 
non-empty set S CW contains a minimal element, i.e., an element x such that for 
each y E S, ify < X then x < y. Equivalently, it is a set without infinite descending 
sequence of elements xq > xi > X2 > ■ ■ ■■ 

A partially ordered set, or simply poset, is an asymmetric pre-ordered set {W, <), 
i.e., one such that x <y and y < x implies x = y. A well-founded set is a pre-well- 
founded poset. 

A lattice is a poset {L,<) such that every finite set 5 C L has a least upper bound 

lub{S), the supremum of S, and a greatest lower bound glb{S), the infimum of S. 
A lattice {L,<) is complete if every (not necessarily finite) subset of L has both a 
supremum and an infimum. Consequently, a complete lattice has a least element 
(_L) and a greatest element (T). An example of a complete lattice is the power set 
lattice (Pow(A),C) of some set A. For any set S of elements of this lattice (i.e., 
for any set S of subsets of A), its least upper bound is the union of these elements, 
lub{S) = US. Thus, the greatest clement T of (Pow(A), C) is UPow(^), which is A. 
Similarly, glb{S) = CiS, and the least element _L of this lattice is nPow(A), which 
is 0. 

Given a lattice {L,<), an operator F : L ^ _L is monotone with respect to < if 
X < y implies T{x) < T{y). Operator F is non-monotone, if it is not monotone. A 
pre-fixpoint of F is a lattice element x such that T{x) < x. The following theorem 
was obtained by Tarski in 1939 and is sometimes referred to as the Knaster-Tarski 
theorem because it improves their earlier joint result. The theorem was published 
in [Tarski 1955] , and it is one of the basic tools to study fixpoints of operators on 
lattices. 

Theorem 3.2 existence of a least fixpoint. Every monotone operator over 
a complete lattice {W,<) has a complete lattice of fixpoints (and hence a least fix- 
point lfp{r) and greatest fixpoint gfp{T)). 

This least fixpoint lfp(r) is the least pre-fixpoint of F and is the supremum of 
the sequence {x^)^ which is defined inductively 

x«:=F(a;<«), and x<^ := lubix^lO < t] < 

Notice that cc^" is, by definition, _L. 

An operator F is anti-monotone if x < y implies T{y) < F(a;). 

Proposition 3.3. //Fi anrf F2 are anti-monotone operators, then Ti or2, the 
composition o/Fi and F2, is monotone. 

In particular, the square F^ = F o F of an anti-monotone operator is monotone. 

An oscillating pair of an operator F is a pair {x, y) such that F(a;) = y and 
F(y) = X. An anti-monotone operator F in a complete lattice has a maximal 
oscillating pair {x,y), i.e., for any oscillating pair {x',y'), it holds that x < x' and 
y' < y- Since {y, x) is also an oscillating pair, it follows that x < y. Moreover, 
since each fixpoint z of F corresponds to an oscillating pair {z,z), it follows that 
X < z < y. The maximal oscillating pair (x, y) of F can be constructed by an 
alternating fixpoint computation. Define four sequences {x"^^)^, (y^){, (y^^){ 

by the following transfinite induction: 

- x<^ = lub{{x'> : r] < ^}), 
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- x« = r(2/<f), 

- y<^ = 9lh{{y^:r^<£,)), 

- y€=r(a;<«). 

Note that = _L and t/^" = T. It can be shown that for each ^, a;^^ < a;^ < 
< ■ The following theorem holds. 

Theorem 3.4. [Van Gelder 1993] The sequence (x^)^ is ascending and its supre- 
mum is IfpiV^). The sequence {y^)^ is descending and its infimum is gfp{T'^)- The 
pair {lfp{r^), gfp{r^)) is the maximal oscillating pair ofT. 

We will use the following simple lemma on lattices. 

Lemma 3.5. Let Fi, r2 be two monotone operators in a lattice with least fixpoints 
lfp{Ti) = Oi, lfp{T2) = 02 respectively. 

(a) if ri{x) < r2{x) for each x < oi then oi < 02; 

(b) ifTi{x) < I'2{x) for each x > 02 then oi < 02- 

Proof, (a) Define o^ and of^ by induction: 

- o<«:=/«6(Kh<0), 

- ol.= T,{of). 

Then Oj is the limit of the increasing sequence (o?)|. Moreover, for each ^ : of < oi 
and of^ < oi. 

The proof is by transfinite induction. Obviously o" = ri(±) < r2(-L) = 03. 
Assume that for each rj < ^, < 6^. Then also of^ < ^. Then of = ri(of^) < 

r2{of)<T2{o<^)=oi 

(b) It holds that Oi is the least fixpoint and hence the least pre-fixpoint of Fj. 
Hence Oi = glb{{x \ ri{x) < x}). Since ri(x) < r2(x) for each x > 02, it holds 
that if X is a pre-fixpoint of r2, then x is also a pre-fixpoint of Fi. Thus we have 
{x I T2{x) < x} C {x \ ri(a;) < a;}. Since oi = glb{{x \ ^i{x) < x}), we have 
oi < 02- □ 

3.2.2 Lattice Homomorphisms and Congruences. Let {L, <) be a complete lat- 
tice and let = be an arbitary equivalence relation (i.e. a reflexive, symmetric 
and transitive relation) on L. For any x € L, we denote its equivalence class 
{y & L \ x=y} by |./:|. The collection of equivalence classes is denoted by L-. 
The relation = can be extended to tuples: {xi, . . . ,Xn)—{yi, ■ ■ . ,yn) if xi=yi and 
. . . and Xn—Vn- It is extended to subsets of L by defining for all S, S' C L: S=S' if 
for each x £ S there exists x' G S' such that x=x' and vice versa, for each x' G S 
there exists x £ S such that x=x'. 

An equivalence relation = on L is called a lattice congruence of {L,<) if for each 
pair 5,5" C L, S^S' impHes that lub(S)^lub(S') and glb{S)^glb{S'). We can 
define a binary relation < on L--. for all S,S' £ L-, define 5 < 5' if for some 
X € S,y G S' : X < y. It can be shown easily that if = is a lattice congruence, then 
the structure (L~, <) is a complete lattice. 

Let {L, <), {L', <') be two complete lattices. A mapping h : L —>■ L' is called a 
lattice homomorphism if it is a mapping onto (i.e., h{L) = L'), and for each S C L, 
h{glb<{S)) = glb<,{h{S)) and h{lub<{S)) = lub<,{h{S)). 
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The notions of lattice congruence and lattice homomorphism are strongly related. 
A homomorphism h : L ^ L' induces a relation = on L where x=y holds if h{x) = 
h{y), for all x,y L. The relation = is a lattice congruence of (L, <). Moreover, 
{L-, <) and {L' , <') are isomorphic. Vice versa, for each lattice congruence =, the 
mapping L L- such that a; ^ |a;| is a lattice homomorphism. 

Let h he a. lattice homomorphism from {L, <) to (L', <') and = the induced 
congruence on L. We say that an operator O : L ^ L preserves = if for all 
x,y G L, x=y implies 0{x)=0{y). In general, for any operator O : L", we 

say that O preserves = if for any pair of x, y G L™, x=y implies 0{x)=0{y). 

liO : L ^ L preserves = then for any x' G L', for any xi.yi G h~^{x'), h{0(xi)) = 
h{0{x2))- We then define the homomorphic image O'^ : L' ^ L' of O. This oper- 
ator maps x' G L' to y' iff for each x G h~^{x'), y' = h{0{x)). This definition can 
be extended to operators O : L". 

The following proposition describes relationships between O and O'*. 

Proposition 3.6. Let O be an operator which preserves =. 

(a) If O is (anti-) monotone, then is (anti-)monotone. 

(b) IfO is monotone then h(lfp(0)) = lfp{0^) and h{gfp{0)) = g!p{0'^). 

(c) If O is anti-monotone and (x. y) its maximal oscillating pair then {h{x),h{y)) 
is the maximal oscillating pair of O'^ . 

Proof. The proof of item (a) is straightforward and is omitted. 

(b) The least fixpoint lfp{0) is the limit of the sequence {x^)c^->o which is defined 
inductively 

x« := 0(.x<«), and .x<« := lub{x''\0 < ry < ^}. 

The point lfp{0^) is the limit of the sequence (y^)^ defined similarly using in 
the lattice L' . By a straightforward induction, one can show that for each ordinal 

^, h{x^) = y^. Since ft, is a lattice homomorphism, h{lfp(0)) = h(lub{{x^ \ ^ > 
0})) = lub{{h{xi) I ^ > 0}) = lub{{yi | ^ > 0}) = lfp{0''). The proof that 
KgfPiO)) = gfp{0^) is similar. 

(c) It is easy to show that {O^)^ is {O'^Y- Then (c) is a direct consequence of (b) 
and the fact that the maximal oscillating pair of O and are {lfp{0'^), gfp{0'^)), 
respectively {lfp{{0^f), gfp{{p^f)). 

□ 

3.2.3 Structure lattices. The type of lattices that play a central role in this paper 
are the sets of structures that extend a given structure. For a given vocabulary r 
and structure Ko such that tk„ Q t, define as the set of r-structures that 
extend Ko, i.e. the set of r-structures / such that I\tk„ = Ko- 

For any pair Ii , I2 of r-structures, define Ii C I2 if both structures have the 
same interpreted symbols , the same domain and the same values for all object and 
function symbols and for each interpreted relation symbol X, X-^^ C 

The structured set (<S]^^,C) is a partial order. In general, it is not a lattice, 
because elements I, J giving different interpretation to a function symbol / G r \ 
have no greatest lowerbound nor least upperbound in <S^^. However, if 
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interprets all function symbols of r, that is, if Tfn C tk^-, then (5^ , C) is a complete 
lattice. Its least element is the structure ^-K„ ■= Ko[X : 0] assigning the empty 
relations to all symbols X in r \ tk„ and its largest clement Tk^ is the structure 
assigning the cartesian product to each n-ary symbol X G t \ tk„ ■ 

The lattice (<SJ-^ contains many sublattices. In particular, for any structure K 
extending Ko such that tk^ Q tk Q t, {SJ^, C) is a sublattice of {SJ^^, C). 

In this paper, the family of structure lattices and homomorphisms and congru- 
ences on them play an important role. 

4. ID-LOGIC 

In this section, we present an extension of classical logic with non-monotone induc- 
tive definitions. This work extends previous work of the authors [Denecker 2000; 

Ternovskaia 1999]. 

4.1 Syntax 

First, we introduce the notion of a definition. We introduce a new binary connec- 
tive •*— , called the definitional implication. A definition A is a set of rules of the 
form 

{X{t) ^ if) where (1) 

— X is a tuple of object variables, 

— X is a predicate symbol (i.e., a predicate constant or variable) of some arity r, 

— t is a tuple of terms of length r, 

— ip is an arbitrary first-order formula. 

The definitional implication <— must be distinguished from material implica- 
tion. A rule Vx {X{t) ^ ip) in a definition docs not correspond to the disjunction 
yx{X{t) V -itp), but implies it. Note that in front of rules, we allow only universal 
quantifiers. In the rule (1), X{t) is called the head and ip is the body of the rule. 

Example 4.1. The following expression is a simultaneous definition of the sets of 
even and odd numbers on the structure of the natural numbers with zero and the 
successor function: 

Vx {E{x) ^ X = 0), ] 

V.T {E{s{x)) ^ 0(x)), \ . (2) 
V.T (0{s{x)) ^ E{x)) J 

Example 4.2. This is the definition of the transitive closure of a directed graph 

G: 

( Vx Vy {T{x, y) ^ G{x, y)), 
\ Vx Vy (T(x, y) ^ 3z {T{x, z) A T{z, y))) 

The definitions of bound and free occurrence of a symbol in a formula extend 
to the case of a rule and a definition A. A defined symbol of A is a relation 
symbol that occurs in the head of at least one rule of A; other relation, object and 
function symbols are called open. In the Example 4.1 above, E and O are defined 
predicate symbols, and s is an open function symbol. In the Example 4.2, T is a 
defined predicate symbol, and G is an open predicate symbol. We call A a positive 
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definition if no defined predicate X has a negative occurrence in the body of a rule 
of A. The definitions in Example 4.1 and Example 4.2 are positive. 

Let T be a vocabulary interpreting all free symbols of A. The subset of defined 
symbols of definition A is denoted . The set of open symbols of A in r is denoted 
rX- The sets and form a partition of r, i.e., U = r, and n = 0- 

Now we are ready to define the well-formed formulas of the logic. A well-formed 
formula of the Logic for Non-Monotone Inductive Definitions, briefly a ID-formula, 
is defined by the following induction: 

— If X is an n-ary predicate symbol, and t\, . . . ,tn are terms then X{ti, . . . ,tn) is 
a formula. 

— If A is a definition then A is a formula. 

— If (j), tp are formulas, then so are {-Kp) and Aip). 

— If ^ is a. formula, then 3cr is a formula. 

The definitions of bound and free occurrence of a symbol in a formula (sec Section 3) 
extend to ID-formulas </>. We shall denote the set of symbols with free occurrences 
in (f) by free{(p). 

A formula (f> is an ID-formula over a vocabulary r if free{4>) C r. Wc use 
SO(ID) [t] to denote the set of all formulas of our logic over fixed vocabulary r. The 
first-order fragment FO(ID)[t] is defined in the same way, except that quantification 
over set and function symbols is not allowed. 

Exam,ple 4.3. In the structure of the natural numbers, the following formula 
expresses that E and O are respectively the set of even and odd numbers, and that 
the number 2, which is representated by s(s(0)), belongs to E. 

yx {E{.s{x)) ^ 0{x)), \ A E{s{siO))). (4) 
Vx {0{s{x)) ^ E{x)) J 

Example 4.4. The Peano induction axiom is: 

VP[P(0) A Vn(P(n) D P{s{n))) D VnP(n)]. 

This axiom can be formulated in ID-logic as: 



3N 



Vx {N{x) ^x = 0), 1 , ■ 

Vx {N{s{x)) ^ N{x)) J ^ 



(5) 



D Va; N{x) 



(6) 



The first conjunct in this formula defines the set variable N as the set of the natural 
numbers through the standard induction. The second conjunct expresses that each 
domain element is a natural number. An equivalent alternative formalisation is: 

Vx {N{x) ^x^O), 
V.X (A(s(a;)) ^ N{x) 

The equivalence of axioms (5) and (6) follows from the fact that the defined set is 
unique. The uniqueness is guaranteed by the semantics we define next. 

In the sequel, wc use to denote the ID-theory consisting of axiom (5) and the 
two other Peano axioms: 

Vn -(s(n) = 0), 
VnVm (s(n) = s{m) D n = m). 
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4.2 Semantics 

The exposition below is a synthesis of different approaches to the well-founded 
semantics, in particular those presented in [Van Gelder 1993; Fitting 2002; Denecker 
et al. 2001a]. We begin by defining the operator associated with a definition A. 
We shall assume that definitions are finite sets of rules. The theory can easily be 
extended to the infinite case (using infinitary logic). 

Any definition containing multiple rules with the same predicate in the head can 
be easily transformed into a definition with only one rule per defined predicate. 

Example 4.5. The following definition of even numbers 

r Vx {E{y) ^y = 0), \ 
\ yx {E{s{s{x))) ^ E{x)) / 

is equivalent to this one: 

{ Va; {E{y) ^y = OV 3x{y = s{s{x)) A E{x))) } . 

In general, let A be an arbitrary definition with defined relational symbols X := 
{Xi, . . . ,Xn). For each defined symbol X of A, we define: 

(fixix) ■■= 3yi (x = ti A (fix) W • • • V 3y„ (x = i„ A ipm), (7) 

where x is a tuple of new object variables, and Vyi {X{ti) ^ (pi), . . . , Vy^ {X (tm) <— 
(fim) are the rules of A with X in the head. Then A is equivalent to the definition 
A' consisting of rules Wx{X{x) ^ ipx{x)). The formulas ipx{x) play an important 
role in defining the semantics of definitions. 
Let A be definition over a vocabulary r. 

Definition 4.6 operator Fa- We introduce a total unary operator Fa : T 
where T is the class of all r-structures. We have /' = Fa(/) iff 

— dom(T) = dom,{I'), 

— for each open symbol a, — and 

— for each defined symbol X e ta, 

X'' := {d \I^^x[d]}, 
where ipXi is defined by equation (7). 

Let lo be a structure interpreting the open symbols of A in r. Lattice {SJ^, C) 
consists of all r-structures that extend /q. Operator Fa is an operator on this 
lattice. If A is a positive definition (no negative occurrences of defined symbols 
in rule bodies), then Fa will be monotone. The least fixpoint is the limit of the 
sequence (/^)| which is defined inductively: 

7« := Fa(/<^), and 7<« := | < < ^}. 

Notice that is, by definition, the bottom element -L/^, := Io[X : 0] in the lattice. 

In general, Fa is a non-monotone operator with no or multiple minimal fixpoints. 
Iterating the operator starting from the bottom element may oscillate and never 
reach a fixpoint, or, when it does reach a fixpoint, this fixpoint may not be the 
intended fixpoint. 
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Example 4.7. Consider the following propositional definition; 

P^t, ] 
Q^^P, }. 
Q^Q J 

Formally, structures of Ag arc mappings of the symbols P, Q to 0-ary relations. 
We will represent such a structure in a more traditional way as the set of the 
propositional symbols that are true (i.e., that are interpreted by {()}). 

Notice that, in definition Aq.Q depends on P. In ID-logic this definition is 
understood as a 2-level iterated inductive definition (Aqi, A02), where 

Aoi := {P ^ t}, 

A02 ■.= {Q^^P , Q}. 

By applying iterated induction, we obtain {P} for the first level, and then for 
the second. Consequently, the intended model of this definition is {P}. On the 
other hand, if we iterate the operator Faq from the empty structure, we obtain 
immediately the fixpoint {P,Q}. 

The intuition underlying the semantics is to use definitions to perform iterated 
induction, while following the implicit dependency order given by the rules. We 
explain how this intuition is formalised in the well-founded semantics. Wc compute 
a converging sequence of pairs (/^, J^){>o of r-structures extending /q. In each pair, 

represents a lower bound to the intended model of A extending lo] represents 
an upper bound: domain atoms true in can be derived from the definition; 
atoms false in cannot be derived; for all atoms false in and true in J^, it 
is not determined yet whether they can be derived or not. Alternatively, a pair 
can be understood as a 3-valued structure defining the truth value of part 
of the defined domain atoms, namely those domain atoms A for which = A"^^ . 
Thus, the pair {I^,J^) represents approximate information about what can and 
what cannot be derived from A in /q. 

The construction process starts with the pair (-L/„, T/_^) of the least and largest 
element in the lattice SJ . This pair obviously consists of a lower and and an upper 
bound of what can be derived from the definition. Assuming we have obtained a 
pair (7^, J^) of a safe lower and upper bound, we then apply an operation which 
transforms this pair into a new pair J^~^^) with an improved lower and upper 

bound. By iterating this operation, a sequence (/^, J^)^>o of increasing precision 
is constructed. The sequence of lower bounds (/^)j>o is monotonically increasing 
and has a limit I (its lub); the sequence of upper bounds (J^){>o is monotonically 
decreasing and has a limit J (its gib) such that I Q J. The pair of limits (7, J) is 
the result of the construction and represents the information that can be derived 
from A in the context of the structure lo- The definition A properly defines its 
defined symbols in 7o if 7 = J, that is, if for each defined domain atom A, A^ = A'^ . 
If 7 = J, then we will call A total in 7o and 7 the extension of lo defined by A. If 
I ^ J, then there will be no extension of 7o defined by A. 

We now explain how a pair (7^, J^) of lower and upperbound is refined into a 
new pair (7*+^, J^+^). The idea is to compute the new lower bound 7^+^ and upper 
bound J^+^ by monotone induction using the existing bounds (7^, J^). We cannot 

ACM Transactions on Computational Logic, Vol. V, No. N, February 2008. 




20 • Marc Denecker and Eugenia Ternovska 

use Fa for this, due to its non-monotonicity, but there is a way. 

In general, defined symbols have positive and negative occurrences in the rule 
bodies (px{x). The negative occurrences arc responsible for the non-monotone 
behaviour of the operator Fa: adding more tuples to the value of a negatively 
occurring defined symbol in fxix) has an anti- monotone effect on the derived 
relation and may lead to the derivation of fewer tuples a, satisfying this formula. 
Thus we can eliminate the non-monotonicity of Fa and set up a monotone induction 
process using A if we fix the value of negative occurrences of defined symbols in rule 
bodies. Suppose we choose a fixed structure Af to evaluate the negative occurrences 
of defined symbols in rule bodies. We can then perform a monotonic derivation 
process ±j„ , , K^, ... in which each K^~^^ is derived from A by evaluating positive 
occurrences of defined symbols in each fx{x) with respect to K'^ and negative 
occurrences with respect to M. This process will be monotone. 

We first choose M to be 7^: negative occurrences of defined symbols are inter- 
preted by the lower bound of what can be derived. Thus, during the derivation 
process of ±j^,K^, K"^, . . . , we systematically underestimate the truth of negative 
occurrences of defined predicates. Due to the anti- monotone effect of negative oc- 
currences of defined symbols on what can be derived, in each stage , too many 
atoms may be derived. Consequently, the limit of this derivation process yields 
an upper bound of what can be derived, and we take it to be our new upper 
bound J^~^^ . Second, we choose Af to be J^, our best upper bound so far on what 
can be derived. Thus, during the derivation process _L/^, L^, L^, . . . , we system- 
atically overestimate the truth of negative occurrences of defined symbols, and in 
each derivation stage K^, too few atoms are derived. Therefore, the limit of this se- 
quence represents a lower bound of what can be derived and we define it to be 1^+^. 
We have constructed our new approximating pair , J^~^^), by two monotone 
inductions. 

It is now easy to understand in what sense the above construction follows the 
natural dependency order between domain atoms, induced by the rules of a defini- 
tion. Assume that at some stage (/^, J^), the truth of a domain atom A has not yet 
been fixed (i.e. A^^ ^ A''''), but the truth values of all atoms on which A depends 
negatively have been derived. In the fixpoint computations — K'"\ K^, K^, . . . 
with limit J«+i and l/^ = L°, L^,L'^,... leading to /«+\ the structures K° and L° 
evidently coincide on all atoms on which A depends, and this property is preserved 
during the induction, since the structures and which arc used to evaluate 
negative occurrences of defined symbols, coincide on all atoms on which A depends 
negatively. Therefore, the new lower and upperboimds 7^+^ and J^+^ will coincide 
also on the value of A. Consequently, in this step the truth value of A is obtained. 

Now, we will formalise the above concepts. Let A be a definition over vocabulary 
r (/ree(A) C r). The basis of the construction of the well-founded model is an 
operator Ta mapping pairs of r-structures to r-structures. Given such a pair 
(7, J) , the operator Ta operates like Fa, but evaluates the bodies of the rules in 
a different way. In particular, it evaluates positive occurrences of defined symbols 
in rule bodies by 7, and negative occurrences of defined symbols by J. 

To formally define this operator, we simply rename the negative occurrences in 
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rule bodies of A. We extend the vocabulary r with, for each defined symbol X, 
a new relation symbol X' of the same arity. The extended vocabulary tU X' will 
be denoted r'. Then in each rule body in A, we substitute the symbol X' for each 
negative occurrence of a defined symbol X, thus obtaining a new definition A'. For 
example, given the following definition 

r VxVy (P(x) ^ S{x, y, z) A ^P{y)), \ 
\\ixiy {P{x) ^ ^Q{x,y,z) ^P{y)) /' 

we rename selected occurrences of P by P', as described above, and obtain 

, r VxVy (P{x) ^ S{x, y, z) A -P'(y)), 1 
■ \ yxVy (P(,x) ^ ^Q{x, y, z) A P{y)) / " 

The definition of A' defines the same predicates as A and its open symbols are those 
of A augmented with the new primed predicates X' . Moreover, a defined symbol 
X has only positive occurrences and a primed symbol X' only negative occurrences 
in rule bodies of A'. Thus, A' is a positive definition over the vocabulary r'. As 
described in the formula (7), with each defined symbol X, we construct the formula 
ip'^ using A' instead of A. can be obtained also from (px by substituting Y' 
for Y in all negative occurrences of all defined symbols Y in ipx- 

For any pair of r-structures /, J which share the same domain, define Ij as 
the r'-structure J\X : X^,X' : X-']. This Ij is a r'-structure which satisfies the 
following: 

— its domain is the same as the domain of / and J, 

— each open symbol of A is interpreted by J, 

— each defined symbol of A is interpreted by /, 

— the value of each new symbol X' is X"^, the value of X in J. 

It is clear that for some defined symbol X, evaluating (p'^ under // simiilatcs 
the non-standard evaluation of (fx where J is "responsible" for the open and the 
negative occurrences of the defined predicates, while / is "responsible" for the 
positive ones. 

Let A be a definition over some vocabulary t. 

Definition 4.8 operator Ta- We introduce a partially defined binary operator 
Ta : X X X I— > J, where I is the class of all r-structures. The operator is defined 
on pairs of structures which share the same domain, and is undefined otherwise. 

We have/' = Ta(/, J) iff 

— dom,{I') = dom{J) = dom{I), 

— for each open symbol a, := and 

— for each defined symbol X G Ta, 

X'' := {a\Ij^p'x\dW, 

where formula is defined by equation (7) applied to A'. 

This definition is equivalent to defining Ta(/, ^) := rA'(/j)|T5 for any pair of 
r-structures /, J such that dom{I) = dom{J). 
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Proposition 4.9. Let Iq be a fixed t'^- structure. In the lattice SJ , the oper- 
ator Ta(/, J) is monotone in its first argument, and anti-monotone in its second 
argument. 

Proof. Select arbitrary r-structurcs /. /', J, J' with the same domain such that 
J|^o = J'l^o , I rr and J' E J- We need to show that Ta(/, J) E Ta(/', J')- Let 
L = Ta(/, J) and L' = Ta{I', J')- 

It holds that L and L' have the same domain and that for each open symbol 
cr G Ta, cr^ = o"^ = o"^ = . So, it suffices to verify that for each defined symbol 
X, C X^' . Let a be any element of X^. It holds that Ij |= ip'x\a]. The 
structure J'j' assigns the same value to open symbols in ip'-^, greater value to the 
defined symbols X which occur positively in (^^, and lesser value to the defined 
symbols X' which occur negatively in ip'^ ■ Consequently, it holds that /' j' \= ip'x [a] • 
We find that a e X^ . We obtain our proposition. □ 

The next corollary shows a connection between operators Ta and Fa- 

Corollary 4.10. For any r-structure I, it holds that Ta(/, /) = Ta{I). 

Proof. Follows immediately from the fact that 7/ \= ^p'^. [a] iff / |= <pxi [a]- □ 

The proposition has another interesting corollary. 

Corollary 4.11. Let I, M, J be three r-extensions of Ko such that I Q M Q J. 
Then it holds that Ta{I, J) E Fa(M) C Ta(J, /). 

Proof. Since / C M C J, Proposition 4.9 entails that Ta(-?, J) E ~^a{M, Af) = 

FaCM) CTaCJ,/). □ 

This corollary shows that Ta can be used to approximate Fa over an interval of 
structures. Indeed, if {I, J) is an approximation of M (i.e., M e [I,J\) then the 
corollary shows that (Ta(/, J),Ta(J, /)) is an approximation of Fa(M). We shall 
elaborate on the approximation process in a moment. 

Let J be a r-structure, and Jo its restriction to t^. The unary operator XI Ta(/, J), 
often denoted by Ta(-, J), is a monotone operator in the lattice Sj^; and its least 
fixpoint in this lattice is computed by 

lfp{TA{;J)) :=|Ji?«, where 

:= Ta(S<«, J), and E<^ := [J E''. 

Definition A. 12 stable operator. Define the stable operator ST a : I I as fol- 
lows: 

STa{J) :=/^(Ta(-,J)). 

The operator Ta(/, J) performs one derivation step by interpreting positive oc- 
currences of defined symbols by I and negative occurrences by J. The stable oper- 
ator performs a monotone induction during which negative occurrences of defined 
predicates X in A are interpreted by the fixed value X^. 
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Example 4.13. We illustrate the stable operator with the definition of Example 
4.7: 

[Q^Q J 

This definition has no open symbols and is equivalent to the following definition: 

It is straightforward to see that in a prepositional definition, the mapping S'Tao(J) 
for any J is the least fixpoint of the positive definition obtained by substituting each 
negative occurrence of a defined symbol and each occurrence of an open symbol by 
its truth value in J. Thus, the stable operator maps the empty structure to the 
least fixpoint of the definition: 




This yields the structure {P, Q}. 

Similarly, the stable operator maps the structure {P, Q} to the least fixpoint of 
the definition: 

This yields the structure {P}. Likewise, the stable operator maps {P} to the least 
fixpoint of the same definition, and this yields {P} itself. 

Proposition 4.14. Let lo be a fixed restructure. Operator STa is anti-monotone 
on SJ . 

-'o 

Proof. Let / C J be r-extensions of /q. To show that STa is anti-monotone, it 
suffices to show that any prc-fixpoint of Ta(-, /) is a pre-fixpoint of Ta(-, J)- It will 
follow then that STa{J), the least pre-fixpoint of Ta(-, J), is smaller than STa{I), 
the least pre-fixpoint of Ta(-, 

Assume that for any J' lE SJ , T a{ J' , I) C ,/'. Then, by anti-monotonicity of Ta 
in the second argument (Proposition 4.9), Ta{J', J) E Ta(J',/) C J'. Thus J' is 
a prc-fixpoint of Ta(-! J) and this entails that the least (pre-)fixpoint of Ta(-, J) is 
less than the least (prc-)fixpoint of Ta(-, I)- □ 

Fix some r^-structure Iq with domain A of the open symbols of A in r. 
As is standard for anti-monotone operators on a complete lattice (see Section 
3.2), the operator STa gives rise to a sequence (/^, J^){>o in >5£ defined by 

■■= STa{J<^), where J<« := n„<^ J", 
J« := S'Ta(/<«), where /<« := U^<^I''. 

Notice that is, by definition, the bottom element _L/^ of the lattice, i.e., the 
structure which assigns to every defined symbol; and J^" is the top element T/^ 
which assigns Cartesian product to each r-ary defined symbol X of A. 
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The anti-monotonicity of Fa implies that the sequence (/^)j>o is increasing and 
(J^)l>o is decreasing. Moreover, for each ^, C J^. Thus, it holds that the 
sequence (/^, J^)^>o is indeed a sequence of increasingly precise approximations. 
This sequence has a limit {I, J), which is the maximal oscillating pair of STa- 
Equivalently, / and J are fixpoints of the square ST^, lfp{ST^) and gfp{ST^), 
respectively. 

In the lattice SJ , we define 

/o^^ := IfpiSTl). and I^^^ := gfpiSTl). 
We extend this notation to any structure L which interprets at least and define 
L^^ := (L|,o and L^T {L\,o^f\ 

Note that L^^ and L'^T agree with L on the open symbols but not necessarily on 

the defined symbols. 

Definition 4.15 total definition. Definition A is ioia/ in r^-structure Iq if /q'^''' = 
/q^^- If tk C t^, we say that A is total m if if A is total in each r^-structure 

extending K . If C r^e C r, then we say that A is total in jf if A is total in 
K\t'^. We say that a definition A is total if it is total in each r^-structurc /q. 

The aim of a definition is to define its defined symbols. Therefore, a natural 
quality requirement for a definition is that it is total. 

Definition 4.16 / satisfies A. We say that r-structure / satisfies A, or equiva- 
lently, that A is true in I (denoted 7 ^ A) if A is total in I and I^^ is identical to 
I. 

Let / be any structure such that C r/ C r. 

Definition 4.17 A-extension of I. Let A be total in /. Define the A-extension 
of I, denoted I^, as := I^^ (or, equivalently, 7^ := 7^T). if A is not total in 
I, then 7 has no A-extension. 

Note that for any rX-structure lo, there is at most one A-extension extending Iq. 

Example 4.18. We illustrate the iterative process described above with the def- 
inition of Example 4.7, which is equivalent to the following definition 



The first pair in this sequence is the least precise pair that approximates all struc- 
tures: 

7<o := 0, 
J<o := {P,0}. 

To compute the new upper bound J°, we apply the stable operator on 7^" which 
yields, as shown in Example 4.13, {P,Q}. To compute the stable operator is 
applied on = {P,Q} which yields {P}. Note that at this moment, 7° and J° 
agree on the fact that P is true. So, after this first step, we have derived that P is 
true. 
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In the next step, we obtain P = [P] = J^. We derived that Q is false. The next 
iteration produces exactly the same pair, so, we obtained a fixpoint with identical 
lower and upper bound {P}. The definition Ao is total. Since there arc no open 
symbols, {P} is the unique Ao-extension. It coincides with the structure that we 
obtained in Example 4.7 by applying iterated induction. 

Example 4.19. Consider the definition: 

r Vx {E{x) ^ X = 0), 1 

which is equivalent to: 

{ Vx [E{y) ^ 2/ = V 3x{y = s{x) A ^Eix))] } . 

We show that in the extension of Ae^en in the natural numbers, E is interpreted 
by the set of even numbers. Note that this definition has no positive occurrences of 
the defined predicate E. Therefore, "TAeveni^'J) — ^^eveni^)' sharing 
the same domain. 

The well-founded model computation starts in the least precise pair extending 
the natural numbers: 

E'^' := 0, 
E^^' := N. 

To compute the new upper bound J°, we apply Fa^^^^ on J<°. Since satisfies 
the body of the rule for each natural number, we obtain the set N as a new upper 
bound. As a new lower bound, we derive the singleton {0}. At this point, we 
derived that is even. 

E^' := {0}, 
E'" := N. 

In the next step, since the upper bound did not change, we derive the same lower 
bound. When computing the new upper bound, we obtain all natural numbers 
except 1. This means that we derived that 1 is not even: 

E'' := {0}, 
E^' := N\{1}. 

In the third step, the upper bound remains unaltered. With respect to the lower 
bound, we can now derive both and 2: 

E'" := {0,2}, 
E''" := N\{1}. 

In the subsequent step, we obtain the same lower bound, but 3 is eliminated from 
the upper bound. 

E'' := {0,2}, 
E'^^ := N\{1,3}. 

After iterating this process uj steps, wc obtain the fixpoint: 
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Now we are ready to define the satisfaction relation between structures and well- 
formed formulas of the logic. 

Definition 4.20 (f) true in structure I. Let be a ID-formula and I any structure 
such that free{(t)) C r/. 

We define I \= (j) {m. words, (f) is true in I, or / satisfies 4>, or / is a model of (p) 
by the following induction: 

if eX^; 
— / \= ipi A ip2 ii I \= ipi and / |= ip2] 
— / ^ if 7 ^ ^; 

— / 1= 3(7 V if for some value of cr in the domain dom{I) of /, I[a : v] |= 
— Aif/ = /^i = /^T. 

Given an ID-theory T over r, a r-structure I satisfies T (is a model of T) if I 
satisfies each (f> E T. This is denoted by / |= T. 

Example 4.21. Consider the theory of Example 4.4. We prove that each 
model I of Tn is isomorphic to the structure of the natural numbers. Let I be 

a model of this theory. First, since / satisfies the first-order Peano axioms, the 
domain elements 0^, s(0)^, . . . , s'"{Oy , . . . are pair- wise distinct and the set of these 
domain elements constitutes a subset of dom,{I), isomorphic to the natural numbers. 
Therefore, it suffices to show that this set is exactly the; domain of /. Since / satisfies 
the ID-axiom replacing the induction axiom, there exists a set 5 C dom{I) such 
that I[N : S] satisfies 



Since I[N : S] satisfies Va; N{x), S must be dom{I). As proven later in Theorem 7.3, 
I[N : S] satisfies the positive definition in this axiom iff S is the least set containing 
O'^ and closed under . Hence, dom{I) is exactly the set {0^, s(0)^, . . . , .s"(0)^, . . . }. 

Example 4.22. An ID-theory can contain multiple definitions for the same pred- 
icate. A simple illustration is when a natural class is partitioned in subclasses in 
different ways, depending on the property used. For example, humans can be par- 
titioned in males and females, but also in adults and children, etc.. This is modeled 
by the following formula: 

f Va; {Human{x) <— Male{x)), \ /\ f {Human{x) <— Adult{x)), 1 
1^ Va; {Human{x) <— Female{x)) J | Va; {Human{x) <— Child{x)) J ' 

This formula implies that the class humans is the union of the classes males and 
females, and also of the classes adults and children. The definition 



is weaker, in the sense that it does not entail that humans are either males or 
females. 
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4.3 Total Definitions 

Totality of non-monotone definitions is a fundamental property in our theory of non- 
monotone induction. In particular, it indicates that a definition is well-constructed, 
i.e., does not produce undefined atoms. 

Example 4.23. Consider the following definition: 

A2 := { P ^ } . 

One verifies that the iterated induction yields the limit (0,{P}). This definition 
has no model. 

Example 4.24. Consider the definition: 

P 



The iterated induction yields the limit (0, {P, Q}). The definition has no model. 

The next example shows that a (useful) definition which is total in one structure, 

may not be total in other structures. 

Example 4.25. Consider the definition of Example 4.19: 



A 



even •~ 



/ Va; {E{x) ^x = 0), 



yx iE{s{x)) ^ -^E{x)) 

Recall that the stable operator of this definition is identical to Fa^^^,, • In Example 
4.19, we showed that this definition is total in the structure of the natural numbers. 
It is not total in many other structures, in particular in those where the successor 
function contains cycles or infinite descending chains. For example, Aei,eri is not 
total in the structure Jq with domain {0,1}, and s^°(0) = l,s^°(l) = 1. In this 
structure, the maximal oscillating pair (/, J) of Fa^„^„ interprets E as follows: 

:= {0}, 
EJ := {0,1}. 

The reason for this oscillation is that in this structure, atom E[l] depends on -ii?[l]. 

Definition Aeven is not total either in the structure Jo' with domain Z and 
the standard successor function on Z. In this structure, the maximal oscillating 
pair (7, J) of ^A^yen interprets E as follows: 

E^ := {2n\ne N}, 

E-^ := {n I n < 0} U {2n\n e N}. 

Example 4.26. Recall the theory Tpj of Example 4.4, 



3N 



Vx (N(x) ^x = 0), ] ^ 

Vn -i(s(n) = 0), 
^rNm {s{n) = s(m) n = m). 



and the definition of Example 4.19, 



Ae„en - {s^^^ {E{s{x)) ^ ^E{x)) ]' 
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In Example 4.21, we saw that the natural numbers are the unique model of Tpj 
(modulo isomorphism). In Example 4.25, we saw that Ag^ert is total in the natural 

numbers. Consequently, ^evcn is total in Tn. The theory TNU{Aet,eri} is consistent 
and has one model, the natural numbers and E interpreted by the even numbers. 

What is the cause of the non-totality of a definition? In the above (examples, the 
natural dependency order, induced by the rules, contains infinite descending chains 
in which atoms depend negatively on the same or other atoms. When this happens, 
the stable operator oscillates between a structure in which all atoms of the chain 
are false and one in which these atoms are true. 

When A is not total in Jq, Definition 4.20 states that there is no model that 
extends /q. To cope with siich cases, we might adopt an alternative definition of A- 
extcnsion and define the A-extension of /q as a 3-valued structure. With (I^^ ^ 
a unique three-valued structure corresponds which coincides with I^^ and /^^ on 
all atoms where I^^ and /^^^ agree and is undefined on all atoms where /^^ and 
I^^ disagree. This is the option that has been taken in the original well-founded 
semantics of logic programming. In this paper, we will stick to a 2-valued solution 
and avoid the complexities caused by using three-valued logic. 

Notice that we cannot restrict the syntax of the logic to allow total definitions 
only. Such a restriction would lead to undecidable syntax — there would be no 
procedure which would decide, for a given formula whether is a well-formed 
formula of the language. This is because the problem of determining, for a given 
definition A and structure /q, whether A is total in /q, is undecidable [Schlipf 1995]. 

For important classes of definitions, it is known that they are total. For example, 
positive definitions are total in any structure. For other types of definitions, tech- 
niques must be developed to prove that they are total. In this paper, we develop 
such techniques. 

5. REDUCTION RELATIONS 

In Section 2.5, we mentioned that a definition implicitly induces a dependency 
relation between atoms and that the well-founded semantics performs iterated in- 
duction along this dependency relation, in the sense that the truth assignment to 
an atom is delayed until enough information about the atoms on which it depends 
has become available. This shows that the notion of dependency relation induced 
by a definition is important. In this section, we formalise this intuitive concept 
by the notion of reduction relation. Intuitively, a reduction relation -< is a binary 
relation between domain atoms such that for each defined atom P[a], the truth of 
its defining formula (^^[0] depends only on the truth of atoms (5[6] -< P[a]. In the 
next paragraphs we formalise what this means. 

Let T be a vocabulary and A a domain. Recall that At\ denotes the set of 
domain atoms over vocabulary r in domain A. Let -< be any binary relation on 
At\. If -< -P[a], we will say that P[a] depends on (according to <). 
The binary relation ^ is derived from ^ in the following way: (5[&] -4< P[a] iff 
(5[6] -< P[a] A P[o] 7^ Intuitively, P[a] depends on (5[6] but not vice versa. 

For any domain atom P[a] G At\, for any structure / with domain A such that 
T/ C r, define |/|^p[a] as the structure I\X : R] where X is the set of relation 
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symbols in t/ and for each relation symbol X £ X, its value is given by 

R:={d\ I\= X[d] and X[d] ^ P[d]}. 

Intuitively, |/|^p[a] falsifies all true atoms Q[b] on which P[a] does not depend. The 
operation | • \^p[a] is an idempotent operation, that is |(|/|^p[a])|^p[a] = |-^Up[a]- 

For any pair /, J of structures with domain A, wc define / =^p[a] J if |-^|^p[a] = 
l-^l^pfo]- When I =^p[a] J, then / and J interpret the same symbols, assign the 
same value to all function symbols, and assign the same value to all domain atoms 
Q\b] -< P[a]. We extend this relation to tuples and define (/,./) — -<p[a] (I' : J') if 
I =^p[g] I' and J =^p[g] J'. Intuitively, (/, J) =^p[g] (/', J') means that (/, J) 
and (/', J') are identical on all atoms on which P[a] depends. 

Recall from Section 4 that for any defined symbol P of A, f'p{x) is obtained 
by renaming negative occurrences of defined symbols in ipp(x). For each pair of 
r-structures /, J with domain A, the associated r'-structure Ij is the structure 
J[X : X^ ,X' : X'-'] where X is the collection of defined symbols of A. 

Assume a definition A over r and a structure K^, with domain A such that 

Definition 5.1 reduction relation. A binary relation -< on Af^ is a reduction re- 
lation (or briefly, a reduction) of A in if for each domain atom P[a\ with P a 
defined symbol, for all r-structures /, J, /', J' extending K^, if (/, J) — ^p[a] (-^'i J') 
then I J H ip'p[a] iff I' j> \= ip'p[a]. 

Example 5.2. For the following definition 

( Vx {E{x) ^ a; = 0), \ 

[ V.T (0(,s(x)) ^ J 

a reduction -< in the structure of the natural numbers is the relation represented 
by the set of tuples: 

{{E[n], 0[n + 1]), (0[n], E[n + 1]) | n e N}. 
Also its transitive closure -<* is a reduction. 

It can be easily verified that, e.g. for an atom E[n -1-1], if structures /, J agree 
on the atom 0[n] -< E[n + 1], then rA(/) and Ta{J) will agree on the value of 
E[n+1]. 

Example 5.3. Reduction relations are context dependent. Consider the following 
prepositional definition: 

P^QAR, \ 
Q ^PA^R}' 

The relation -<i:= {{Q,P),{R,Q),{R,P)} is a reduction relation of A in the 
rX-structure {R} but not in the rX-structure 0. Vice versa, the relation -<2-= 
{{P, Q), {R, Q), {R, P)} is a reduction relation of A in but not in {R}. 

Let ^ be a reduction of A in ii'o. 

Proposition 5.4. If Kj extends K^, then -< is a reduction of A in Kj . 
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Proposition 5.5. Any superset ^' of ^ is a reduction relation of A in Kq. 

In particular, the transitive closure and the reflexive transitive closure of a reduction 
are reductions. This stems from the fact that / =^/p[g] J implies I — xP[a] J- 

As shown by this proposition, a definition A may have many reduction relations 
in Ko- The total binary relation -<t= At]^ x Af^ is always a reduction relation. 
Since I =^^p^a] J iS I = J, the relation -<t trivially satisfies Definition 5.1. It can 
be seen here that a reduction relation in general overestimates the dependencies 
between domain atoms in a definition. Only the least reduction relation of a defini- 
tion reflects the true dependencies. However, as shown in the next example, some 
definitions do not have a least reduction relation. 

Example 5.6. Consider the following definition in the context of the natural num- 
bers: 

A := { P 3n\/m{m > n D Q{m)) } . 

The predicate Q is open in this definition. This definition defines P to be true if 
there exists a number n such that Q contains at least all natural numbers larger 
than n. It can easily be verified that for each n G N, the relation 

-<n= {{Q{m),P)\m > n} 

is a reduction relation of A in N. The intersection of these relations is 0, and this 

is not a reduction relation of A. 

We defined the operator Ta as a map from pairs /, J of r-structures with shared 
domain to the interpretation J' extending J|t-o such that for each defined atom 

P[a\, P\oi\'^ is true iff <^p[a] is true in Ij. We have the following proposition. 

Proposition 5.7. Let -< he a reduction relation of A in Kq, P[a\ a domain atom 
and let /, /', J, J' be T-structures extending Ko such that {I, J) =^p[g] (/', J'). 

(a) IfP is defined then PfaJ^AU.-^) = P[a]TAU',^'). 

(b) If -< is transitive, then Ta{I, J) — xP[a] Ta(/', J')- 

The condition of item (b) that -< should be transitive is not very restrictive since 
the transitive closure of a reduction is a reduction as well. 

Proof, (a) Since P is a defined predicate of A, P[a]^'^(^'"'' is the truth value of 
if'p [a] in I J and likewise P the truth value of (p'p[a] in I' j>. Since -< is 

a reduction relation, the truth value of this formula is the same in Ij as in I'ji. 
(b) Assume that ~< is transitive. Let Q\b] be an arbitrary domain atom such that 
Q[b] ^ P[aJ. If Q is an open predicate of A then Q[b]'^^^^-^^ = Q[b]-' = Q[by' = 
Q[b]^^^^ \ Let Q be a defined predicate of A. By transitivity of the set of 
atoms on which depends is a subset of the set of atoms on which P[a] depends. 
This, and the fact that (/, J) =^p[a] {!', J') implies that (J, J) =^q[6] (/', J')- By 
application of (a) we obtain that Qfb]"^^^^'-^) = (5[6]"r^(^'-^'). 

□ 

Under the condition that ^ is a transitive reduction, item (b) of this proposititon 
states that Ta preserves =^p[^], for each domain atom P[a]. This is a key property. 
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The reduction relation -< defines a collection of lattice congruences =^p[a] in 5^ , 
one for each domain atom P[a]. The operator Ta is the basic operator in the 
well-founded model construction. The fact that it preserves the congruences =-<p[a] 
"propagates" to the stable operator STa and to the construction of the well-founded 
model. This leads to the main theorem of this section. 

Let A be total in Ko and -< a transitive reduction relation of A in Ko- 

Theorem 5.8. For t^- structures Io,Jo extending Ko, lo — xp[o] -^o implies 

T A ^ jA 

J^o =-<P[a] 'Jo ■ 

In other words, the value of a defined atom P[a] depends only on the open atoms 
on which P[a] depends according to reduction relation -<. 

Consider the lattice which consists of r-structures extending Kq. To prove 
the theorem, we will show that | • |^p[a] is a lattice homomorphism and =^p[a] the 
corresponding lattice congruence (confer Section 3.2.2). Since Ta preserves ^^p^^, 
by application of the basic Proposition 3.6, it will be easy to show that also the 
stable operator STa preserves =-^p[a] that the statement of the theorem holds. 

Let ^ be a transitive reduction of A in Ko and assume that Tfn ^ tk^ ^ t. Then 
{^K^i C) is a complete lattice. For any domain atom P[a], we define the collection 

^K^^°^ as the image of under the mapping | • |^p[a]. 

Proposition 5.9. The structure {S^^^°'\^) is a complete lattice. The map- 
ping I • |^p[a] : SJ^^ '^if^'"' 0- lotttice homomorphism and its induced lattice 
congruence is =^p[o]. The operator Ta preserves =^p[^]. If Ko is idempotent 

(i.e., \Ko\^p[a] = Ko), the homomorphic image of J a on S^^^"'^ is the operator 
|TA(-.-)Up[a]- 

Proof. The proposition is straightforward. We prove only the last item. If Ko 
is idempotent, then it is easy to see that iS^'^'"' C S]^^. Since Ta preserves — ^p[a]) 
it has a homomorphic image on >S^f '"^ say T. For all I,Jg 5^^'"', 

r(J,J) = T(|/|^p[a], |J|^p[a]) ( by idempotence of I • |^p[a]) 
= |Ta(/, J)\^p[a] (by definition of T) 

□ 

Rem,ark 5.10. A condition in Proposition 5.9 is that Ko is idempotent for |-|^p[a]. 
This condition can always be satisfied. Given a reduction ^ of A in Ko, there exists 
an equivalent reduction -<' of A in ii'o such that for all P[a], Ko is idempotent for 

|-|-;P[a]- 

Define ^':=^ U{ {Q[b],Q'[c]) \ Q G tk„ A Q' e t \ tk^}. In each domain 
atom depends on the same atoms as in -< but also on all domain atoms interpreted 
by Ko. It is easy to see that for all P[a] G Atj^: 

(a) \Ko\^'p[a] = Ko, and 

(b) for all extensions /, J of Ko, I =^'p[a] J iS I =^p[a] J- 

Consequently, if ^ is a reduction of A in Ko, then -<' is an equivalent reduction of 
A in Ko in which Ko is idempotent for | • |^p[a], for all P[a] e Af^. 

Unless explicitly stated otherwise, we assume that Tf„ C C ta, that -< is 
transitive and that Ko is idempotent for | • |^p[o], for all P[a] G At\. 
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Proposition 5.11. For each domain atom P[a], the operator STa preserves 
— -;p[o] 'in ^Ka- homomorphic image on 5^^'"' is |5'Ta(-)|-;p[o]- Moreover, for 
all I G SJ^^, \STA{I)\^p[a,] is lfpi\TA{-,I)\^p[a]) in the lattice S^.^}"'\ 

Proof. Let I be an element of SJ^ . The structure STa{I) is the least fixpoint 
of the operator Ta(-,/) in the sublattice <SJ| ^ C «SJ-^. By Proposition 5.9, the 

operator preserves =^p[a] and, since we assume that li^ol^pfa] = ^o, its homo- 
morphic image in the lattice 5^^'°' is |Ta(-! |J|-<p[a])Up[a]- By Proposition 3.6(b), 

'^A 

taking the homomorphic image and the least fixpoint of this operator commute. 
Consequently, we obtain that 

\STA{I)Up[a] =K/p(TA(-,/))|^P[a] 

= yp(|TA(-, \I\^P[a])\^P[a]) 

= lfp{\TA{-,I)\^Pla]) ( since / =^P[a] \I\^P[a]) 

in the image lattice iS^^'°'. 

Assume I, J G SJ^^ such that / =^p[gj J. Then /|t-o^ — -<p[a] ^Ir^ and the lattices 
are identical and the operators |Ta(', I)\^p[a] and |Ta(-, J)\~iP[a] 

' '"a ' ^a 

on this lattice are identical. We obtain that \STA{I)\^p[a,] = \STA{J)\^p[a] or that 
STa{I) ^xP[a] STa{J). 

□ 

Now we found that ST^ preserves — -;p[a] for each domain atom P[a], and we 
can repeat the argument for the construction of the well-founded model. 

Proposition 5.12. For each domain atom P[a], for all Jo, Jo £ iflo —^p[a] 
Jo then lo'^^ -^P[a] Jo'^^ and lo^^ — ^P[a] Jo^^ ■ Moreover, | Jo'^'''|^p[o] is 
lfp{{\STA{-)Up[^]?), and |Jo^T|^P[ai is gfp{{\STA{-)Up[a]?) in the lattice Sf^^'l 

The proof of this proposition is entirely similar to the proof of Proposition 5.11 
and is omitted. The proposition entails that if A is total in Jq and in Jq and 
Jo =xp[a] Jo, then Jo^ — -<p[a] Jo'^- This proves Theorem 5.8. 

6. MODULARITY 

In this section, we split a definition A into subdefinitions {Ai, A2, . . . , A„}. We 
study under what conditions we can guarantee that for structure J, 

J|=A iff J|= Ai AA2A---AA„. 

This is the subject of the Modularity theorem. 

The Modularity theorem is our main result here. The theorem tells us when we 
can understand a large definition as a conjunction of component definitions. Fre- 
quently, these component definitions have a simpler form — they may be positive 
definitions or non-recursive definition. Therefore, the ability to decompose defini- 
tions without side effects is useful for analyzing large definitions — some properties 
of large defintions are implied by properties of subdefinitions. Thus, the Modularity 
theorem is an important tool for simplifying logical formulas with definitions. 
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From a knowledge representation perspective, problem-free combining and de- 
composing of definitions is crucial while axiomatizing a complex system. For exam- 
ple, one may write two cyclc-frcc modules of the system, which, when combined, 
produce a cyclic dependency between its syntactic components. Such a dependency 
may cause a change in the intended meaning of the original definitions. However 
not every syntactic cycle is problematic. If the condition of the Modularity theorem 
are satisfied, one can guarantee that the composition does not change the intended 
meaning of the original component definitions. 

6.1 Partition of Definitions 

Everywhere in this section, we fix a definition A over some vocabulary r. 

Definition 6.1 partition of definitions. A partition of definition A is a set 
{Ai, . . . , A„}, 1 < n, such that A = Ai U • • • U A„, and if defined symbol P appears 
in the head of a rule of Aj, 1 < i < n, then all rules of A with P in the head belong 
to Ai. 

If {Ai, . . . , A„} is a partition of A, then UiT^. = r^, and r^. fl r^. =0 whenever 
i ^ j. Notice that each Aj has some "new" open symbols. For instance, if P is 
defined in A, but not in Aj, then it is a new open symbol of Aj. Of course, it holds 
that T = rX U = rX, U T^., l<i<n. 

The following theorem demonstrates that a model of a definition, is, at the same 
time, a model of each of its sub- definitions. As a side effect, we demonstrate that 
the totality of the large definition implies the totality of its sub-definitions. 

Theorem 6.2 decomposition. Let A he a definition over r tuith partition 
(Ai, . . . , A„). Let L he a r-structure. If I \= A then / |= Ai A . . . A A„. 

Before proving this theorem, let us consider some of its implications. 

Let / be a model of A. The theorem says that for each i, 1 < i < n, Aj is total 

in the restriction /|r° of / to the open symbols of Aj and moreover that / is 
the A,;-cxtcnsion of /|r° • Using the notations of Definition 4.17, this means that 
J _ jAii _ /^iT^ •\Ye obtain the following corollary. 

Corollary 6.3. If I \= A, then for each i, 1 < i < n, Ai is total in . 

The following example shows that the inverse direction of Theorem 6.2 does not 
hold in general. 

Example 6.4. Let A, Ai, A2 be the following definitions. 



Definition A is total, and its unique model is in which both P and Q are false. 
According to Theorem 6.2, satisfies Ai and A2. Note that {P, Q} is not a model 
of A and yet, it satisfies Ai and A2. Indeed, {P,Q} is the Ai-extension of the 
rXj-structure {Q} and the A2-extension of the rX^-structure {P}. 




A2 



Ai 



{Q^P}- 
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To prove the theorem, we shall use two lemmas. The stable operator maps a 
structure / to the least fixpoint of Ta(-,/) in the lattice SJ, ^ . The first lemma 

shows that the image of I is also the least fixpoint of this operator in much larger 
lattices. 

Lemma 6.5. Let A be a definition over r and I a r-structure. Let t° be any 
vocabulary such that Tin C r° C r^. The least fixpoint of Ta{-, I) in the lattice 
is STa{I). 

Proof. From Proposition 4.9, it follows easily that the operator Ta(-,/) is a 
well-defined, monotone operator in the lattice ST, . Each structure in the image 
of Ta(-,/) belongs to SJ, ^ ^ 5]", . Thus, the least fixpoint of Ta(-,/) in SJ, 
belongs to SJ, ^ and must be STa{I), the least fixpoint of Ta(-, /) in SJ, . □ 

Lemma 6.6. LetM be a fixpoint of the stable operator STa extending t^- structure 
lo- Let K, L be t -structures extending Iq and let L\ro^ = MIt-o . 

(a) If K QL and K QM then ST^^L) C STa{K). ' 

(b) If LQK andMQK then STa{K) □ STa^L). 

Proof. Denote Moi := Mj^-o . Note that since A.; is exactly the set of rules of 
A defining the predicates of . , it holds for each /, J extending /q that 

TA(/,J)|.d^ =TA,(I,J)|,a^. (8) 

Also, by definition of Ta^ , it holds that 

TA.(/,L)|rX^ =ikx^ -Mo,. (9) 

Let K' := STa{K) and L' := STa,{L). The structure L' is the least fixpoint of the 
monotone operator TAi(-, L) in the lattice SJ^ and, using Lemma 6.5, also in the 
larger lattice SJ . The structure K' is the least fixpoint of the monotone operator 
TAi'^K) in the same lattice <SJ . 

(a) het K QL and K C M.° We show that L' C K' . Our goal is to show that 
for each I & ST such that K' C I, 

TA,(/,i)ETA(/,/^). (10) 

Then by applying Lemma 3.5(b) in the lattice <S£, we will obtain that 

lfp{TA,{;L))mfp{TA{;K)), 

or cquivalently that L' C K'. We prove (10) separately for open and defined 
symbols of Aj. 

Because K Q M and by anti-monotonicity of STa, it holds that M = 6'Ta(M) C 
STa{K) = K'. Combined with (9), this yields TA.(/,i)|rX. = ^Ir^. E J^'IrX,- 
By monotonicity of Ta in its first argument, we have that if K' Q I then K' = 
Ta{K',K) E Ta{I,K). We conclude that 

Ta.(/,L)|.o^ C/^'l.o^ CTA(/,i^)ko^. (11) 

We need to show the same for the defined symbols. Since K ^ L, anti-monotonicity 
of Ta in the second argument implies that Ta{I,L) C Ta(/, ^^). Using (8), we 
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obtain that 

TA.(/,L)|,a^ =TA(/,L)Ud^ ETA(/,X)|.a_. (12) 

Statements (11) and (12) give us (10), and we conclude that L' C K' . 

(b) Assume that M C and L C i^. Wc prove that for each / C K' , Ta(/, K) C 
Ta; (/, L). Then we can apply Lemma 3.5(a) which will yield the desired result that 
K' ^ L'. The proof is similar to that of (a). 

First, by anti-mononticity of 5Ta, wc have that K' C M. By monotonicity of Ta 
in its first argument and anti-monotonicity in its second argument, it holds for each 
IQK'QM that Ta(/, K) C Ta(/, M) C Ta(M, M) = M. Using (9), we obtain 
that 

TA(/,i^)|rO^ E M|,o^ = TA,(/,i.)ko^. (13) 

Second, by anti-monotonicity in the second argument it holds that Ta{I,K) E 
Ta(/,L). Using (8), we find 

TA(/,i^)|.d^ ETA(/,L)|,a^ =TA.(/,L)|.d^. (14) 
Statements (13) and (14) yield K' E L'. 
□ 

Proof, (of Theorem 6.2) Let M be the A-extension of the r^-structure /q and 
denote := M|t-o . Consider the sequences of r-extensions of Iq, the increasing 

sequence (/^)|>o, and the decreasing sequence (J^)j>o. The sequences are deter- 
mined by operator S'Ta in the lattice SJ . Since A is total in Jo , structure M is the 
limit of both sequences. Likewise, for each i, consider two sequences, the increasing 
sequence {Ii)(>o and the decreasing sequence {Ji)(>o, determined by the operator 
STAi in the sublattice S]^^.. They converge to Moj^*^ and M^i^'^ respectively. 
Recall that 

/« := 5'Ta(J<«), where J<« := n^<{ J'' 
j€ := 6'Ta(/<«), where /<« := U^<|7'' 
and 

If := 5rA.(J<«), where J<« := n^<5 J]' 
4 := STa,(/<«), where 7<« := U,<47^ 

We will prove that for each ^, 

E /f E Jf E J«. (15) 

This property allows us to conclude that, since the outer sequences (7^)j>o and 
(J^)5>o converge to Af, the inner sequences {lf)(^>a and converge to M as 

well. Therefore, we obtain that A, is total in and that structure M is the 

unique Aj-extension of /|^o . Since i was arbitrary, we obtain that 7 ^ Ai A- • -AA^. 
For each ^, we will prove statement (15) and the following statement: 

l<i c c j<« c j<i (16) 

The two statements are proven by simultaneous induction on ^. 
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(17) 



This is equivalent to 



which is straightforward. 

Second, assume that for arbitrary ^ > 0, statement (16) holds. We prove that then 
(15) holds for ^ as well. Notice that, as a special case, we obtain the base case for 



By the construction of the sequences, we have for each ^ that E J, . By 
anti-monotonicity of STa^, we obtain the middle inequality of (15). Similarly, we 
have that 7^^ E E -Z^^- This, together with the induction hypothesis, entails 
that the conditions of Lemma 6.6 (a)+(b) are satisfied. Application of the lemma 
yields that J« C if and jf E 
Third, assume that for each rj < ^, 



The standard fixpoint construction of anti- monotone operators guarantees the inner 
inequality of (16): 

By taking the union and intersection of appropriate sets over all ?7 < ^, we obtain 
the two outer inequalities of (16): 



This proves the statements (15) and (16) for every ^ and concludes the proof of the 
theorem. □ 

6.2 Reduction Partitions 

Theorem 6.2 gives one direction of the Modularity theorem. Now our goal is to 

come up with some condition on the partition of A so that both directions of the 
Modularity theorem hold. Recall from Example 6.4 that the other direction does 
not hold in general. 

Example 6.7. Recall the definitions in Example 6.4: 



The structure {P, Q} satisfies Ai A A2 but not A. 

In the example, splitting the definition breaks the circular dependency between P 
and Q. This causes the broken equivalence between A and Ai A A2. The example 
suggests that splitting a definition will be equivalence preserving if the splitting 
does not break circular dependencies between atoms. Below we will formalise this 
notion using the notion of reduction relation defined in Section 5. 

The following proposition formulates a simple and useful property of (possibly 
non-transitive) reductions in the context of a partition. 
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Proposition 6.8. Let {Ai, . . . , A„} be a partition of A. 

(a) A relation < is a reduction relation of A in iff for each i, 1 < i < n, ^ 
is a reduction relation of Ai in Kq. 

(h) Let for each i, 1 < i < n, ~<i be reduction relation of A, in Ko- Then -<i 
U • • • U ^„ is a reduction relation of A in Ko- 

Proof, (a) For each defined predicate P, there is exactly one i such that P is 
defined in Aj and the formulas tpp defining P in A and tpp* defining P in Aj are 
identical. It is obvious then that -< is a reduction of A in Kg iff -< is a reduction of 
Aj in Ko, for each i, 1 < i < n. 

(b) If for each i e {1, . . . , n}, -<i is a reduction of Aj in Ko then by Proposition 
5.4, -<i U • • • U ^„ is a reduction relation of each Aj. By (a), -<i U • • • U ^„ is a 
reduction relation of A in ii'o. □ 

Recall that a pre-well-order is a refiexive and transitive relation such that every 

non-empty subset contains a minimal element. 

The following definition is crucial for the right-to-left direction of the Modularity 
theorem. Let Ko be a structure such that tk^ C t^. 

Definition 6.9 reduction partition. Call partition {Ai, . . . , A„} of definition A a 

reduction partition of A in Kq if there is a reduction prc-wcU-orclOT -< of A in Ko 
and if Q\b] -< P[a] and P[a] ~< Q\h], then P and Q are both open predicates of A 
or they are defined in the same Aj. 

Equivalently, if P and Q are not defined in the same Aj, then Q\b] P[a] iff 
Q]fi] -< P[a]. The intuition underlying this definition is that in a reduction partition, 
if an atom defined in one module depends on an atom defined in another module, 
then the latter atom is strictly less in the reduction ordering and hence does not 
depend on the first atom. 

In a first step towards proving the second half of the modularity theorem, we 
prove that if {Ai, . . . , A„} is a reduction partition of A in a r^-structure lo, then 
the conjunction Ai A • • • A A„ has at most one model extending /q. 

Theorem 6.10. If A has a reduction partition {Ai, . . . , A„} in a restructure 
lo then Ai A • • • A A„ has at most one model extending /q- 

Proof. Lot M and M' be models of Ai A- • -AAn. Assume towards contradiction 
that M and M' differ. Let us select a minimal atom P[a] in the reduction pre-well- 
order -< such that M and M' disagree on P[a]. Assume that P[a] is defined in 
Aj. Since -< is reflexive and M and M' disagree on P[a], M ^^pj^j M'. On the 
other hand, because P[a] is minimal, it holds that M =_^pjg] M' . It follows that 
M|^o ^^p[a] M'\ri . Moreover, if Q e t^. then for each atom Q[b], Q[b] -< P[a] 
iff Q[b] P[a]. Hence, we have Afj^-^ =^p^^j A^f'l-j-^ . By Proposition 6.8(a), ^ 
is a transitive reduction relation of Aj in /q. The condition of Proposition 5.12 
holds and we can infer that M = {M\r^ )^' =^P[a] {M'\t^ )^' = M'. We obtain 
M =^p[a] M', a contradiction. □ 
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Example 6.11. Consider the definitions from Example 6.4: 

^■■={qZp']' Ai:={P-Q}, A2:={Q-P}. 

Each reduction of the definition A includes tuples {P,Q) and {Q,P). Hence, the 
partition (Ai, A2) is not a reduction partition. The formula Ai A A2 has multiple 
models and {P,Q}. 

Example 6.12. Consider the partition of the definition from Example 5.2: 

■= { t (^St^i rO(ij) } . A2 := { Vx ^ Eix)) } . 

The transitive reflexive closure -<** of the reduction of A presented in Example 5.2 
is a well-founded partial order. It holds that E[n] <** 0[m] and 0[n] ^** £[m] iff 
n < m. Consequently, {Ai,A2} is a reduction partition. The conjunction of Ai 
and A2 has one model. 

Example 6.13. Consider the following definitions: 

^■■={qZZp]^ Ai:={P^^P}, A2:={0-^P}. 

The reflexive closure of the relation {(P, Q)} is a well-order. Clearly, the partition 
(Ai, A2) is a reduction partition. The definitions A and Ai and the conjunction 
Ai A A2 are all inconsistent. 

In the next step towards proving the second half of the modularity theorem, we 
prove the totality of a well-behaved definition A with a reduction partition. 

Definition 6.14. A partition {Ai, . . . , A„} of definition A is total in a structure 
Ko {tk^ ^ t^a) if 6^ch Aj, 1 < i < n, is total in Kq. 

Theorem 6.15 totality. //A has a total reduction partition {Ai, . . . , A„} in 
a structure (tko C t'^) then A is total in K^. 

Thus, one way to prove that A is total in Kq is to prove that it has a reduction 
partition, and that each definition Aj in the partition is total in Kq. 

To prove this theorem, we need the following lemma. 

Lemma 6.16. Let {Ai,...,A„} he a partition of IS. and let -< a reduction of 
A in restructure such that \Io\~iP[a] = -^o for all P[a] £ At a- M,M' 
be T-structures extending /q such that for some domain atom P[a], {M,M') is 
an oscillating pair of |5TA(-)|^p[a] ('■i^d, M|^o = M'l^-o = Moi- Then for all 

I G 5^^'"', it holds that: 

(a) if it M, then M' C |S'rA,(/)|^p[aj; 

(b) ifM' C I, then |5TA,(/)Up[a] E M. 

The lemma has a similar proof as Lemma 6.6. 

Proof. By Proposition 5.11, the structure M' is the least fixpoint of |Ta(-, M)|^p[^] 
and M the least fixpoint of |Ta(-, M')|^p[a] in the lattice Sjf^^\ Since M,M' e 
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^^i"^ , they are also the least fixpoints of these operators in the sublattice <S^^^°^ ■ 
Let I e iSMf/"' and denote I' := \STA,{I)Up[a]- By Proposition 6.8, -< IS a re- 
duction of Aj. By Proposition 5.11, I' is the least fixpoint of |TAi(-, /)|xP[a] in 

(a) Let / □ M. We prove that M' C /'. Our goal is to show that for each 
J € such that J E M', 

|Ta(J,M)|^p[s] E |TA.(J,/)|^P[a]- (18) 

Then by Lemma 3.5(a), it will follow that 

M' = Z/p(|TA(-,Af)|^p[a]) □ lfp{\TAA;I)\^Pla])=I'- 

We prove (18) separately for open and defined symbols of A,. 

First, let J □ M'. By monotonicity in the first argument, |Ta(J, M)|^p[^j C 
|Ta (M',M)^p[a] = M'. Also, TA.(J,/)|rx^ = M^i = \M^^Up^s;^. Combining 
these statements, we obtain: 

|TA(J,M)|^P[e,]|,o^ C M'|,o^ = Mo, = |TA,(J,/)|^P[ei]|.o^. (19) 

Second, Ta is anti- monotone in its second argument, which implies Ta(J, M) C 

'^a{J,I), for each J £ 5^^}^.'"'. Since the operators Ta and Ta^ coincide on the 
defined symbols of Aj, it follows that: 

TA(J,/)|.d^ =TA,(J,/)|,a^. 

By combining these statements, wc conclude that: 

TA(J,M)|,a^ ETA(J,/)|,a^ =TA,(J,/)|,a^. 

After projection with | • |xp[o]j we obtain: 

|TA(J,M)|^P[,]|,a^ E \JA,{J,I)Up[a]\ri^. (20) 

The combination of (19) and (20) yields statement (18). 

(b) Let M' E I- We show that for each J G such that M E J, 

|TA,(J,/)Up[a] E |TA(J,M')|xP[a]. 

Then we can apply Lemma 3.5(b) to prove (b). 

For the open predicates, if M E then by the same kind of reasoning as in (a), 

|TA.(J,/)Up[a]|rX^ =Mo. = |TA(Af,Af')Up[a]|rX, E |TA(J,M')|^P[a]|rX^. 

For the defined predicates, for each J it holds that 

TA,(J,/)Ua^ -TA(J,/)|,a^ E Ta ( J, Af' ) Ir^^ • 

Combining both results, we obtain that \TAi{J,I)\^p[a] E |Ta(J, Af')|^p[a]. □ 

Proof, of Theorem 6.15. 
Let lo be an arbitrary TA-extension of Ko- Then, {Ai, . . . , A„} is a total partition 
of A in 7o and, by Proposition 5.4, {Ai, . . . , A„} is a reduction partition of A in 
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Iq. Let ^ be a pre- well-ordered reduction of A in /q satisfying the condition of 
Definition 6.9. We assume idempotence of lo, i.e. |/oUp[a] = -'^o for all P[a] e At^. 
This assumption can always be made: sec Remark 5.10. 

Assume, towards a contradiction, that A is not total in Iq. The assumption 
implies that lo^^ ^ lo'^^ ■ Let P[a], where P G ri, be a minimal atom in the 
reduction ordering -< such that /o^^ ^ P[a] and Iq \= P[o]- By reflexivity of -< 
and our choice of P[a], it holds that 

J- AX q4 7- At 

-'o ^^P[a] -'o , 

T Al T AT 

lo =^P[a] ■ 

Because we have a reduction partition, for each atom Q\b] not defined in A,, (3[6] -< 
P[a] iff Q[b] ^ P[a]. Therefore, 

Define M := \Io^^Up[a] and M' |/o^'^Up[a] and let Mo, M|,o^ = M'|,o^ = 
|(-^o^^|tX )I^P[a]- Since Iq is idempotent for | • |^p[a]5 is an extension of Iq. 
The structures M and M' are different in P[a]. 

On the one hand, since A, is total in /□ and Moi is an extension of lo, it holds that 

On the other hand, we will prove the following: 

\Moi^'^Upia] QMQM'Q IMoi'^'^Up^a]- (21) 
Since M ^ M', we will obtain the contradiction. 

The proof of (21) is by induction. By Proposition 5.12, the following equations hold 
in the lattice : 

|Mo.^-^|^P[a] = lfp{{\STAA-)Up[^])') and \Mo^^'^Upl^] = gM{\STAA-)Upm f)- 

Consider the sequences {lf)(,>o and iJi)^>o determined by the operator {STa^ (Ol^Pfa] 
in the lattice <SjJ^^'"'. We shall demonstrate that the following holds: for every ^, 

/f C M C M' C 4. (22) 

r M □ M' □ J<^. (23) 

Statements (22) and (23) are proven by simultaneous transfinite induction on ^. 
First, we establish the base case of statement (23): 

/<° □ M C M' C J<°. 

This is straightforward since M, M' £ S'^lf^ and /<" and J<" are the bottom and 
top element, respectively, of this lattice. 

Second, we show that, for arbitrary ^, if (23) holds then (22) holds. Let us assume 
that the statement (23) holds for ^. Since I^^ C M, Lemma 6.16(a) implies 
that M' C |S'TA,(/^^)Up[a] = J^. Since M' C then by Lemma 6.16(b), 
7| = |5Ta,(J<«)Up[,]EM. 
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Third, it remains to be proven that if for aU r/ < ^, it holds that !^ M C M' C J^, 
then (23) holds for ^. This is straightforward. 
This completes the proof of the theorem. □ 

Example 6.17. As seen in Example 6.12, the following partition is a reduction 
partition of Ai U A2 in the natural numbers: 



Both subdefinitions are non-recursive and positive. Consequently, both are total. 
So, the conditions of Theorem 6.15 hold. This definition is total in the natural 
numbers and has a unique model. 

Corollary 6.18 Consistency. If A has a total reduction partition {Ai, A„} 
in a T^-structure Iq, then A and Ai A • • • A A„ are consistent and have a model 
extending lo- 

Example 6.19. Recall the definition of Example 6.13: 



Although this definition has a reduction partition, it is not consistent. Corollary 
6.18 does not hold because Ai is not total in any structure. 

Now, we are in a position to prove the second direction of the modularity theorem. 

Let T° C rX. 

Theorem 6.20. If A has a total reduction partition {Ai,...,A„} in the re- 
structure Ko, then for any r-structure M extending Ko, if M ^ Ai A • • • A A„ then 
M \=A. 

Proof. Assume M extends Ko and Af |= Ai A • • • A A„ and let Jo = M|r° . 
Since lo is an extension oi Kq, {Ai, . . . , A„} is a total reduction partition of A in 
lo- The conditions of Theorem 6.15 are satisfied. Consequently, A is total in /q. 
The structure Iq'^ is a model of A and, by Theorem 6.2, of Ai A • • • A A„. Since by 
Theorem 6.10, M is the unique model of Ai A • • • A A„ extending Jq, M and 
are identical. □ 

Theorem 6.21 modularity. // {Ai, . . . , A„} is a total reduction partition of 
A in T°-structure Ko, then for any r-structure M extending Ko, 



Proof. Combine theorems 6.2 and 6.20. □ 

Another immediate consequence is the following corollary. 

Corollary 6.22. Let To be a theory over r° such that for any r° -model Mg of 
To, {Ai, . . . , A„} is a total reduction partition of A in Mg. 
Then Tq A A and Tq A Ai A • • • A A„ are logically equivalent. 





M\=A iff M\=AiA---AA, 
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Example 6.23. As seen in Example 6.17, the following partition is a total reduc- 
tion partition of Ai U A2 in the natural numbers: 

■■= { I mt^) ^ } ' { (^^^(-)) ^ } • 

In ID-logic, the natural numbers are formalised by Tn (Examples 4.4 and 4.21). By 
Corollary 6.22, the theories Tn U {Ai U A2} and Tjq U {Ai A A2} are equivalent. 

7. SOME FAMILIAR TYPES OF DEFINITIONS 

This section reconsiders the four different types of informal inductive definitions dis- 
cussed in section 2: non-recursive definitions, positive definitions, definitions over 
well- founded sets and iterated inductive definitions. Wc demonstrate that these 
types of definitions can be correctly and uniformly represented in ID-logic. To 
this end, we define four formal subclasses of definitions of ID-logic that naturally 
correspond to the four informal types of inductive definitions and prove theorems 
to show that the well-founded semantics correctly formalises the meaning of these 
types of definitions. 

7.1 Non-Recursive Definitions. 

A first case is that of non-recursive definitions. A definition A is non-recursive if 
the bodies of the rules do not contain defined predicates. 

Definition 7.1 completion of A. Define the completion of A, denoted comp(A), 
as the conjunction, for each defined symbol X of A, of formulas 

yx{x{x) <-> v'xfs]). 

The equivalence yx{X{x) <-> y>x[5]) is sometimes referred at as the completed 
definition of X. 

Theorem 7.2. Let A be a non-recursive definition overr. Then A is total and 

a T -structure I satisfies A iff I satisfies comp{A). 

Proof. It is straightforward to show that if A is non-recursive, then for each 
r^-structure !„, the operator Ta is constant in the lattice SJ^ and it maps each 
pair of r-structures to the unique structure / such that, for each defined symbol X, 

X' = {d\Io\=ipx[d\}. 
This / is the unique model of A and the unique model of comp{A) in SJ^ . □ 

7.2 Positive Definitions. 

Let A be a positive definition, defining the symbols P. Let X be a set of new 
predicate symbols such that for each defined symbol Pi, Xi and Pi have the same 
arity. Define the following formula 

PID{A) := /\ A A VX(/\ A[P/X] D (P C X)). 

Here, f\A is the conjunction of formulas obtained by replacing definitional rules 
with material implications in A; A[P/X] is the definition obtained by substiting Xi 
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for each defined symbol Pi and P C X is a shorthand for the formula (Va;Pi(a;) D 
Xi{x)) A • • • A {yxPnix) D X„{x)). The formula PID{A) is the standard second- 
order formula to express that predicates P satisfy the positive inductive definition 
A. 

Define also 

Circ{A; P) := /\ A A VX(/\ A[P/X] AX CP)d P CX). 

This formula is the standard circumscription of /\ A with respect to the defined 
predicates P [Lifschitz 1994]. 

Theorem 7.3. Let A be a positive definition over t. Then A is total and for 
all T-structures I, the following are equivalent: 

(a) I is a model of A; 

(b) I is the least fixpoint of Fa in the lattice SJ ; 

(c) I is a model of PID{A);_ 

(d) I is a model of Circ{A; P) . 

Proof. In case A is a positive definition, defined symbols have no negative 
occurrences, so A and A' are identical. Consequently, for any pair of structures 
I, J in the lattice it holds that Ta(/, J) = ^a{I) which does not depend on 
J. Thus, the stable operator STa is a constant operator in this lattice and maps 
any structure J to the least fixpoint of Fa- Thus, it follows that Iq'^^ and lo'^^ are 
identical to the least fixpoint of Fa in SJ . This proves the equivalence of (a) and 
(b). 

The equivalence of (b) and (c) in case of a positive definition is well-known (see 
e.g. [Aczel 1977]). Finally, the axiom PID{A) expresses that P should be the least 
relations satisfying /\ A, while Circ{A; P) expresses that P should be minimal 
relations satisfying /\ A. Both axioms are equivalent, since there is a set of least 
relations satisfying /\ A, and it is the unique set of minimal relations satisfying this 
formula. □ 

The theorem is significant since it shows that for positive definitions, the seman- 
tics defined here coincides with standard monotone induction. It implies that if 
/ 1= A then I is the least structure extending that satisfies the rules of A viewed 
as a set of first-order implications. 

Example 7.4. Consider the formulation of the induction axiom in ID-logic in 
Example 4.4: 

By Theorem 7.3, it is equivalent to the second-order axiom 



" V.T {N{x) Cx = 0)A 
yx {N{six)) C Nix))A 

VX [V.T {X{x) C X = 0) A Vx {X{s{x)) C X{x)) D Vx{N{x) D X{x))]A ' 

\/x N{x) 

We show that this formula is logically equivalent with the standard induction axiom. 
The first two conjuncts follow from the last and may be deleted. Using the last 
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conjunct, the third conjunct can be simphfied as follows: 

r VX \ix {X{x) C a; = 0) A Vx {X{s{x)) C X{x)) D Vx X{x)]A ' 
[\fx Nix)) 

Notice that the first element of the conjunction does not depend of N, so the 
outer existential quantifier can be moved inwards, and the tautological 3N Vx N{x) 
can be removed. We obtain the standard induction axiom: 

WX [\fx {X{x) C X = 0) A Vx {X{s{x)) C X{x)) D Vx X{x)]. 
7.3 Iterated Inductive Definitions 

Recall from Section 2 that an iterated inductive definition constructs an set as 
the limit of a sequence of constructive steps, each of which itself is a monotone 
induction. Here, we formalise that intuition, and make a connection between this 
new "formalism" and the representation of iterated inductive definitions in ID-logic. 

Let (Ai, . . . , A„) be a finite sequence of positive definitions over a vocabulary r 
such that: 

— all definitions define disjunct sets of relation symbols, i.e., t^. Ht^ . = for i ^ j: 

— if a relation symbol is defined in some Aj, then it does not occur as an open 
symbol in Aj , for any j < i. 

We call such a sequence an iterated inductive definititon and we interpret it as a 
simple, finite case of an iterated inductive definition. 

Let X be the set t^^ U • • • U t^^, i.e., the collection of all symbols defined in at 
least one definition Aj, 1 < i < n, and let t° be the vocabulary t\X. Select an 
arbitrary r°-structure Iq. 

We define /^^(^i'---'^") by induction on i: Iq^^ := Iq and for each i, I < i < n, 
j^{Ar,...Ai) (j^(Ai,...,Ai_i)^A^ Note that by Theorem 7.3, /o^^"-'"^*^ is the least 
fixpoint of the positive definition Ai extending - The above definition 

models precisely the process of iterated induction as explained in Section 2. We say 
that the r-structure /^(^i'---'^") is the structure defined by the iterated inductive 
definition (Ai, . . . , A„) in Iq. 

Consider the iterated inductive definititon (Ai, . . . , A„) and the new definition 
A = Ai U . . . U A„. It is obvious that is equal to t°. 

Theorem 7.5 iterated induction. Let (Ai, . . . , A„) be an iterated inductive 
definititon over vocabulary r. Definition A := Aj U . . . U A„ is a total definition, 
and for all t -structures I extending a t° -structure I^, the following are equivalent: 

(a) I is a model of A; 

(b) I is the structure defined by (Ai, . . . , A„) in Iq, i-e., I = 7^(^i'---'^")^- 

(c) I satisfies PID{Ai) A ... A P/D(A„); 

The theorem's significance is that it shows that the semantics of the logic correctly 
formalises this type of finite iterated inductive definitions. 

Define for each < i < n, r* := t° U r^^ U . . . U r^.. It is easy to see that 
r° = T° and r" = r. Also, it holds that A^ is a definition over the vocabulary r*, 
all open symbols in Aj belong to r*~^ and, for any r°-structure /q, /^(^i' - '^*) jg a 
r*-structure. 
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To prove the theorem, we need the following modularity lemma. 

Lemma 7.6. Let (Ai, . . . , A„) he an iterated inductive definititon and let A := 
Ai U . . . U A„. The definition A and the conjunction Ai A • • • A A„ of definitions 
are logically equivalent. 

Proof. Consider an arbitrary r^-structure Iq with domain A. We will now prove 
that {Ai, . . . , A„} is a total reduction partition of A in /q. Then, by application 
of Theorem 6.21, we obtain the lemma. 

First, by Theorem 7.3, each Aj is total in I^. Consequently, the partition {Ai, . . . , A„} 
is total in /q. 

Second, define the following partial order in At"^: for arbitrary domain atoms P[a], 
Q\b], define Q\b] ~< P[a] iff P is defined in Aj for some i, 1 < i < n, and Q is defined 
in Aj for some j, 1 < j < i. 

The relation -< is clearly a pre- well-order. By definition of it holds that if P and 

Q are not defined in the same A; and Q[b] -< P[a], then Q]f>] P[o]. We show 
that for each i,l<i<n,^isa reduction of Aj in Jq. 

Let P be a defined predicate of Aj. For each domain atom P[a], for all r-structures 

I,JgSJ,I — ^p[a] J holds iff = J|^i. Since ipp contains only symbols of r', 
if (/, J) ^^p[a] {!', J') then Ij H Ma] iS I'j, ^ ^p[a]. 

Since -< is a reduction of each Aj, 1 <i <n, Proposition 6.8(a) guarantees that -< 

is a reduction of A. 

Combining the above results, we conclude that {Ai, . . . , A„} is a total reduction 
partition of A in /q. □ 

Proof, of Theorem 7.5. 
Let / be a r-structure extending Iq- The following equivalences hold: 

/ is a model of A iff 7 is a model of Ai A • • • A A„ (Lemma 7.6) 

iff I satisfies PID{Ai) A ... A P7£)(A„) (Theorem 7.3) 

What remains to be shown is that 

7 H Ai A • • • A A„ ifl[ / = 7^(^i.-.^"). 

Let I be any r-structure extending Iq. We show that for each i, < i < n, 
7 1= Ai A . . . A Aj iff = Io^^^'"''^'\ Then for the case i = n, we obtain that 
7 1= Ai A ... A An iff I\t" = 7o^^^' ' '^"^ which, since r" = r, means that 7 and 
j^(Ai,...,A„) identical. 

The proof is by induction. In the base case {i = 0), the property is trivially satisfied. 
Assume that the property holds for i — 1. We prove that the equivalence holds for 
i. 

To prove one direction, assume that 7 ^ Ai A . . . A Aj. Since 7 ^ Aj, it holds 
that 7 = (7|t-o )^*. Since all open symbols occurring in Aj belong to r*~^, it 

is easy to sec that 7|^i = (7|^i-i)^'. Also, 7 |= Ai A . . . A Aj_i and hence, by 
application of the induction hypothesis, 7|^i-i = Jq(^1'---'^*-i) . We conclude that 
7|,. = (7|,.-0^^ = (7„(^--^*-))A. = 7„(Ai,...,A.)_ 

For the other direction, assume that Il^-i = /^^(Aiv.Ai) Since /^^(Aiv.Ai) _ 
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(j^(Ai,..,Ai_i)^A,^ / extends /^(^i.-.Ai-i) ^^^^ j ^ gy induction hypothe- 
sis, / satisfies also Ai A . . . A Ai_i. We obtain that / |= Ai A . . . A A,. □ 

7.4 Definitions over Weil-Founded Order. 

We now present a formaUsation of the informal concept of a definition over a well- 
founded order (sec section 2) in the framework of ID-logic. Let A be a definition 
over T and Ko a structure such that tk„ C t^. 

Definition 7.7 strict reduction relation. A reduction relation ^ of A in Ko is 
strict if it is a strict well-founded partial order (i.e., an anti-symmetric, transitive 
binary relation without infinite descending chains). 

Hence, a strict reduction -< has no cycles. If A allows a strict reduction then there 
are no atoms that depend on themselves. 

Definition 7.8 definition over a luell-founded order. Wc say that A is a defini- 
tion over the (strict) well-founded order -< in if is a strict reduction relation 
of A in K^. 

Theorem 7.9 completion. Suppose -< is a strict reduction relation of A in 
Ko. The definition A is total in Kg and for any t -structure I extending Ko, I \= A 
iff I\= comp{A). 

Proof. Fix an arbitrary r^-structure Jq extending Ko- We will show that the 
equality /q^^ = lo^^ = lo^ holds, and moreover that for any r-structure / extend- 
ing lo, I \= comp{A) iff / = lo^. Since lo is arbitrary, we will obtain the proof of 
the theorem. 

We start by showing that there is at most one pair (/, J) in SJ satisfying 
Ta(/, J) = I and T ^{ J, I) = J, moreover if such a pair exists then I = J. 
Suppose that there arc two such pairs; i.e., there exist I, J, I', J' € SJ such that 
Ta(/, J) = /, Ta(J,/) = J, Ta(/', J') = /' and Ta(J',/') = J'. Let P[a] be a 
minimal atom such that P[aY ^ P\o^ or -P[«]"^ / P[a]'^ . Since < is irreflexive, it 
holds that I — -<p[a] i' and J — xP[a] J' ■ Hence by Proposition 5.7, 

P\a\' = P\aY^^'^^^ = P[a]'r^(^''-^') = P[a]^' 

and 

P[a]^ = P\aY^^^^'^ = P[a]"rA(^'.^') = p[aY' . 
We obtain a contradiction. 

It follows that there can be at most one pair (7, J) satisfying this condition. More- 
over, if such a pair, say {I, J), exists then also the symmetric pair (J,/) satisfies 
the condition and consequently, / and J have to be identical. 

Now, the proof of totality follows easily. The pair (/o'^^,/o^^) is the maximal 
oscillating pair of the stable operator. Every oscillating pair (/, J) of the stable 
operator satisfies Ta(/, J) = I and Ta(J, /) = J. By the previous paragraph, it 
follows that lo^^ = lo'^^ = lo^. 

We also just proved that /q'^ is the unique structure that extends lo and satisfies 
the fixpoint equation Ta(/, I) = I- We derive for all I extending lo'. 
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/ = /o^ iff/ = TA(/,/) 

iff / = rA(/) (Corollary 4.11) 

iff for each defined domain atom P[a], P[aY = ipp[aY 
iff / ^ comp{A) . 

□ 

We obtain the following corollary. 

Corollary 7.10. Suppose a definition A over r and a theory To over t° C 
such that for any model Ko of To, A is a definition over some well-founded order 
-< in Ko- Then Tq A A and To A comp{A) are logically equivalent. 

Example 7.11. Consider the definition A of Example 4.19: 

r Vx (Eix) ^ X = 0) , 1 
"^-^ - \ Vx {E{s{x)) <- ^E{x)) / • 

The transitive closure of the reduction {{E[n], E[n+1]) | n G N} is a strict reduction 
of Agyen in the natural numbers. Consequently, in the context of the natural 
numbers, this definition can be expressed in first-order logic, by cornp{A,yiH'n) ■ 

Notice also that PID{A^yen) is inconsistent in the natural numbers. Indeed, 
the sets {0, 2, 4, 6, ... } and {0, 1, 3, 5, ... } are both minimal sets containing and 
containing n+l if n is not contained. Consequently, there is no least such set. 

Example 7.12. In this example, we illustrate how an ID-theory can be trans- 
formed into an equivalent second-order theory using the techniques that were de- 
velopped in this paper. 

Consider the ID-theory T = T^\J {A} where Tn was defined in Example 4.4 and 
A in Example 5.2: 

[ Va; {E{x) ^ x = 0), \ 
A :={yx {E{s{x)) ^ 0{x)), ) . 
{yx {0{s{x)) ^ E{x)) J 

In Example 7.4, we showed that the ID-logic induction axiom in Tjj can be trans- 
lated into the standard induction axiom and that the unique model of this theory 
is the set of natural numbers. 

To translate A to classical logic, one can pick among several alternatives. 

(1) Since A is a positive definition, by Theorem 7.3, it can be translated into a 
second-order induction axiom. 

(2) Alternatively, we observe that A has a strict reduction in the natural numbers. 
This is the transitive closure of the relation 

{{E[n],0[n+l]),{0[n],E[n+l]) | n G N}. 

Now we can use Theorem 7.9 to translate A to the first-order theory comp{A). 

(3) In Example 6.12, it was shown that A has a reduction partition in the natural 
numbers 

■■= { li Sx^i ro(i')) } ' - { (^(^(-)) - ^(-)) } • 
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Consequently, we can substitute Ai A A2 for A. Both definitions are non- 
recursive and, by Theorem 7.2, they are equivalent with comp{ Ai) A comp{ A2) . 

After applying transformations (2) and (3), we obtain the same theory, namely the 
first-order theory comp{A) augmented with the second-order induction axiom (and 
Peano's disequality axioms). 

8. CONCLUSION 

Recently, we argued [Denecker 2000; Denecker et al. 2001b] that non-monotone 
forms of inductive definitions such as iterated inductive definitions and definitions 
over well-orders, can play a unifying role in logic, AI and knowledge representation, 
connecting remote areas such as non-monotonic reasoning, logic programming, de- 
scription logics, deductive databases and fixpoint logics. In this paper, we further 
substantiated this claim by defining a more general logic integrating classical logic 
and monotone and non-monotone inductive definitions and investigating its rela- 
tions to first- and second-order logic and studying its modularity properties. 

The main technical theorems here are the Modularity theorem and the theo- 
rems translating certain classes of ID-formulas into classical logic formalisations. 
Problem-free composition is crucial while axiomatizing a complex system. Because 
definitions in our logic are non-monotone, composing or decomposing definitions is 
in general not equivalence preserving. However, the conditions we have presented 
allow one to separate problem- free (de) compositions from those causing change in 
meaning. We have shown that the Modularity theorem is useful also for analyzing 
complex definitions — some properties of large definitions are implied by properties 
of sub-definition. The Modularity theorem is also an important tool for simplifying 
logical formulas with definitions by translating them into formulas of classical logic. 

In [Denc;c;kc!r and Ternovska 2004] , we have applied our logic to what has always 
been the most important test domain of knowledge representation — temporal 
reasoning. We presented an inductive situation calculus, a formalisation of the 
situation calculus with ramification as an inductive definition, defining fluents and 
causality predicates by simultaneous induction in the well-ordered set of situations. 
An important aspect of our formalisation is that causation rules can be represented 
in a modular way by rules in an inductive definition. Wc applied the Modularity 
theorem to demonstrate its equivalence with a situation calculus axiomatization 
based on completion and circumscription. 
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